AnyConnect Secure Mobility Client 5.0.00556
/**************************************************************************
 * Copyright (c) 2006, 2021 Cisco Systems, Inc.
 * All Rights Reserved. Cisco Highly Confidential.
 ***************************************************************************
 *
 * File: ClientIfcBase.h
 * Author: Chris Fitzgerald
 * Date: 08/2007
 *
 ***************************************************************************
 * Client Interface Base class implementation for the Client API.
 ***************************************************************************/

// The ClientIfcBase class contains the majority of private methods and members.
// The purpose of this class is to hide all but the necessary methods from
// being exposed.
//
// Notes for readers of this header (review):
//
//  - This is the exported base (VPN_VPNAPI) of the VPN client API. The
//    protected pure-virtual *CB methods are the contract a GUI or embedded
//    client must implement; the public methods are the control surface the
//    client calls into. Because the class crosses a shared-library boundary,
//    the ORDER of virtual methods and data members below is part of the ABI
//    (vtable / object layout) and must not be rearranged casually.
//
//  - Several callbacks surface a trust decision to a human (CertWarningCB,
//    CertBlockedCB, CertBannerCB, BannerCB). Whatever a client does in those
//    callbacks is the effective server-certificate policy of the product, so
//    an implementer should treat them with the same care as TLS validation
//    itself (see the per-method notes).
//
//  - NOTE(review): the include guard _CLIENTIFCBASE_ and the __GENDEFS_H
//    probe below use identifiers reserved for the implementation (leading
//    underscore + uppercase / double underscore). Harmless in practice, but
//    worth knowing if the guard is ever renamed.

#ifndef _CLIENTIFCBASE_
#define _CLIENTIFCBASE_

#include <list>
#include <vector>
#include <memory>
// NOTE(review): std::string, std::pair and time_t are also used below but
// <string>, <utility> and <ctime> are not included here; presumably they
// arrive through api.h — confirm rather than rely on transitive includes.


/*
 * SCRIPTING_SUPPORTED, INTERPROCESS_COMMUNICATION_SUPPORTED macro is a copy of corresponding
 * #define from GenDefs.h. Any change in #define for the macro in GenDefs.h must be propagated to
 * this header file too. We duplicate this definition here due to the manner in which we distribute
 * our code to partners; we cannot include GenDefs.h from here.
 *
 * NOTE(review): every duplicated feature macro in this file is a drift risk;
 * if GenDefs.h and this header disagree, partner builds and internal builds
 * compile different class layouts (the #if'd data members below) from the
 * same header name.
 */
#if !defined(PLATFORM_APPLE_SSLVPN) && !defined(PLATFORM_ANDROID) && !defined(PLATFORM_WIN_APP)
#define SCRIPTING_SUPPORTED
#endif
#if !defined(PLATFORM_WIN_APP)
#define INTERPROCESS_COMMUNICATION_SUPPORTED
#endif

/*
 * SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
 * Any change in #define for the macro in GenDefs.h must be propagated to this header file too. We
 * duplicate this definition here due to the manner in which we distribute our code to partners;
 * we cannot include GenDefs.h from here.
 */
#if defined(_WIN32) || defined(_WIN32_WCE) || defined(PLATFORM_DARWIN) || defined(PLATFORM_LINUX) || defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
#define SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED
#endif

/*
 * HOST_DATA_SUPPORTED macro is a copy of corresponding #define from GenDefs.h. Any change
 * in #define for the macro in GenDefs.h must be propagated to this header file too. We duplicate
 * this definition here due to the manner in which we distribute our code to partners;
 * we cannot include GenDefs.h from here.
 */
#if defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_CHROMEBOOK)
#define HOST_DATA_SUPPORTED
#endif

/*
 * MANUAL_PKCS12_IMPORT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
 * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
 * We duplicate this definition here due to the manner in which we distribute our
 * code to partners; we cannot include GenDefs.h from here.
 */
#if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PRODUCT_TYPE_SSA)
#define MANUAL_PKCS12_IMPORT_SUPPORTED
#endif

/*
 * PROGRAM_DATA_IMPORT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
 * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
 * We duplicate this definition here due to the manner in which we distribute our
 * code to partners; we cannot include GenDefs.h from here.
 */
#if defined(PLATFORM_ANDROID)
#define PROGRAM_DATA_IMPORT_SUPPORTED
#endif

/*
 * CREDENTIAL_PREFILL_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
 * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
 * We duplicate this definition here due to the manner in which we distribute our
 * code to partners; we cannot include GenDefs.h from here.
 */
#if defined(PLATFORM_ANDROID)
#define CREDENTIAL_PREFILL_SUPPORTED
#endif

/*
 * uint8_t fallback for toolchains without <stdint.h>.
 *
 * NOTE(review): this redefines a name reserved for the C/C++ implementation,
 * and if api.h later pulls in <stdint.h> it silently relies on both typedefs
 * naming exactly the same type. uint32_t, used by CertBannerCB and
 * ClientCertificateCB below, has NO matching fallback in this header, so a
 * build that takes the #else branch must get it from api.h — confirm.
 */
#if defined(MANUAL_PKCS12_IMPORT_SUPPORTED) && !defined(__GENDEFS_H)
#if defined(HAVE_STDINT_H)
#include <stdint.h>
#else
typedef unsigned char uint8_t;
#endif // HAVE_STDINT_H
#endif // MANUAL_PKCS12_IMPORT_SUPPORTED

#include "api.h"
#include "PreferenceUpdate.h"

// Same uint8_t caveat as above; here the typedef is unconditional for the
// Windows app-container build rather than guarded by HAVE_STDINT_H.
#if defined(PLATFORM_WIN_APP)
typedef unsigned char uint8_t;
#endif

#if defined(HOST_DATA_SUPPORTED)
#include "IHostData.h"
#endif

#if defined(ANYCONNECT_USE_SNAK)
#include "Utility/PluginLoader.h"
#include "SNAK_CertPlugin.h"
#include "SNAK_SocketPlugin.h"
#include "SNAK_StoragePlugin.h"
#endif

// Forward declarations only; this header holds pointers/references to these
// types and never needs their definitions, which keeps the partner-facing
// header free of internal includes.
class ConnectPromptInfo;
class ConnectMgr;
class MsgWithArg;
class VPNStats;
class AgentIfc;
class ProfileMgr;
class ApiThread;
class EventMgr;
class PreferenceMgr;
class PreferenceInfo;
class UserPreferences;
class CScriptingMgr;
class CManualLock;
class ProxyIfc;
class CIpcMessage;
class SCEPIfc;
class CertObj;
class CExecutionContext;
class HostEntry;
class CAppLog;

#if defined(CREDENTIAL_PREFILL_SUPPORTED)
class CredentialPrefill;
#endif

#if !defined(PLATFORM_APPLE_SSLVPN)
class CStoragePath;
#endif

#ifdef ANYCONNECT_USE_SNAK
class PluginLoader;
class SNAK_StoragePlugin;
class SNAK_CertPlugin;
class SNAK_SocketPlugin;
class SNAK_DeviceInfoPlugin;
class SNAKDeviceInfoPluginCBImpl;
#endif // ANYCONNECT_USE_SNAK

#if defined(ANYCONNECT_USE_SNAK) || defined(PLATFORM_APPLE_SSLVPN)
class ManagedCertificate;
class ManagedCertHandle;
#endif // ANYCONNECT_USE_SNAK || PLATFORM_APPLE_SSLVPN

#if defined(PROGRAM_DATA_IMPORT_SUPPORTED)
class IACImporterAsync;
class IACImporterAsyncCB;
#endif

/**
 * Base class of the VPN client API.
 *
 * Clients derive from this (via the public ClientIfc) and implement the
 * protected callbacks; the API drives the connection through the callbacks
 * and the client steers it through the public methods. The class privately
 * implements IPreferenceUpdateCB so that preference-load notifications from
 * the preference layer reach it without being re-exposed to clients.
 *
 * EventMgr is a friend so it can deliver queued events to the protected
 * callbacks on the client's behalf (see EventAvailable()/ProcessEvents()).
 */
class VPN_VPNAPI ClientIfcBase : private IPreferenceUpdateCB
{
    friend class EventMgr;

protected:

    /**
     * Callback used to deliver new statistics related to the VPN
     * connection.
     *
     * When a connection is active, a new set of statistics is
     * delivered each second.
     *
     * @see resetStats(), stopStats() and startStats()
     *
     */
    virtual void StatsCB(VPNStats &stats) = 0;


    /**
     * Callback used to deliver VPN state and state change string.
     * The stateString delivered by this method is localized.
     *
     * See the ::VPNState enum found in api.h for set of valid states.
     */
    virtual void StateCB(const VPNState state,
                         const VPNSubState subState,
                         const tstring stateString) = 0;


    /**
     * If a banner needs to be acknowledged, this CB delivers the banner
     * to the client.
     *
     * NOTE: Connection establishment will block until the method
     * setBannerResponse() is called.
     *
     * In a GUI, a banner would typically be displayed in a modal dialog
     * with an accept or decline button selection.
     *
     * @see setBannerResponse() to set the user response to the banner.
     */
    virtual void BannerCB(const tstring &banner) = 0;

    /**
     * If a pre-connect reminder needs to be acknowledged, this CB delivers
     * the pre-connect reminder to the client.
     *
     * NOTE: Connection establishment will block until the method
     * setPreConnectReminderResponse() is called.
     *
     * In a GUI, a pre-connect reminder would typically be displayed in a modal
     * dialog with an OK button selection.
     *
     * @see setPreConnectReminderResponse() to set the user acknowledgement to
     * the pre-connect reminder message.
     */
    virtual void PreConnectReminderCB(const tstring &rtstrPreConnectReminder);

    /**
     * Messages are delivered via the NoticeCB and can come from multiple
     * sources. There are four message types (error, warning, info and
     * status). See the ::MessageType enum in api.h for the list.
     *
     * Clients using the API as an embedded application (not
     * user visible) might want to further characterize
     * messages. One option here is to use the AnyConnect message
     * catalog and assign message codes as the translations for
     * various messages. An application could then track messages based
     * on its own error code scheme.
     *
     * @param bSensitive  NOTE(review): not documented in this header;
     *                    presumably marks a message whose text must not be
     *                    logged or persisted by the client (the internal
     *                    notice() overloads carry a matching bSensitiveMsg
     *                    flag). Treat it that way until confirmed against
     *                    the implementation.
     */
    virtual void NoticeCB(const tstring &notice,
                          const MessageType type,
                          const bool bSensitive = false) = 0;

#if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
    /**
     * Mobile-platform variant of the certificate warning: delivers the
     * server certificate itself (DER, nCertBannerCertLen bytes at
     * pCertBannerCertDer) together with a summary, the human-readable
     * reasons the certificate needs confirmation and their enum codes.
     *
     * The user's answer is returned through setCertBannerResponse(); when
     * bImportAllowed is false the client must not offer the "import /
     * always trust" choice.
     *
     * NOTE(review): the DER buffer is passed as a raw pointer + length; this
     * header does not state how long it stays valid, so a client that
     * displays it asynchronously should copy it inside the callback.
     */
    virtual void CertBannerCB(const tstring &certBannerSummary,
                              const uint32_t nCertBannerCertLen,
                              const uint8_t *pCertBannerCertDer,
                              const std::list<tstring> &confirmReasons,
                              const std::list<CertConfirmReason> &confirmReasonEnums,
                              bool bImportAllowed = true) = 0;
#endif

    /**
     * This CB would likely occur only during a connection when it was
     * detected that the software needed to be upgraded, or when Start
     * Before Logon (SBL) is being used.
     *
     * Unlike the other callback methods, this method provides a default
     * implementation (calling the system's exit() function).
     * If clients of the API wish to override this behavior, they are
     * responsible for ensuring that the current running process exits with
     * the return code specified by returnCode.
     *
     * <b>Caution</b>: IF YOU OVERRIDE THIS METHOD AND DO NOT EXIT WITH
     * THE PROPER CODE SOFTWARE UPDATE FUNCTIONALITY IN YOUR CLIENT WILL
     * BREAK
     */
    virtual void ExitNoticeCB(const tstring &tstrNotice,
                              const int returnCode);


    /**
     * Under normal operating conditions, this CB is called as soon
     * as the attach method completes. In case the service (vpn agent)
     * is not ready, this CB is not called until it is.
     *
     * Any API calls made prior to this CB being called will result in a
     * NoticeCB error message.
     */
    virtual void ServiceReadyCB() = 0;



    /**
     * This method supports prompting for single or multiple values. All
     * prompts are considered mandatory.
     *
     * The ConnectPromptInfo object contains a list of PromptEntry
     * instances. The labels and their default values (if any) can be
     * found in these instances. After the data has been collected from the user
     * it can be set into these same instances. When ready, the client
     * application should call the method UserSubmit() to have the
     * responses read by the API.
     *
     * NOTE(review): the entries a client fills in here include credentials
     * (see resetConnectPromptPasswordData()). Avoid keeping extra copies of
     * the filled-in ConnectPromptInfo beyond UserSubmit().
     */
    virtual void UserPromptCB(ConnectPromptInfo &ConnectPrompt) = 0;


    /**
     * Use this method to provide Window Manager hints to GUI
     * applications. To receive these hints, the application must
     * identify itself as a GUI in the attach method. In addition, this
     * method should be overridden to receive any generated events.
     *
     * Events that can be received include those indicating that a user is
     * starting a second instance of the GUI application. This information
     * can be used to tell the already running application to un-minimize
     * itself and let the new program know that it should Quit (since a GUI
     * is already running).
     */
    virtual void WMHintCB(const WMHint hint,
                          const WMHintReason reason);


    /**
     * This method is useful when the connection to the secure gateway
     * has been established as part of a web-launch of the VPN tunnel.
     *
     * If the client application wishes to be notified of the secure
     * gateway to which the VPN has been established, this method should
     * be overridden.
     *
     * If the client application is started and a tunnel is already active,
     * this method also delivers the name of the secure gateway host.
     */
    virtual void deliverWebLaunchHostCB(const tstring &activeHost);

    /**
     * This method is called when the preference to block untrusted
     * servers is enabled and the current VPN server being connected
     * to is untrusted. Clients should present an error to the user
     * notifying them that the current connection to rtstrUntrustedServer
     * is being blocked. The client should also provide a way for the
     * user to change the preference to block untrusted servers.
     *
     * The user response must be indicated using setCertBlockedResponse
     *
     * NOTE(review): answering setCertBlockedResponse(true) turns a hard
     * policy block into a warning flow; clients deployed under an
     * administrator policy should make sure that choice is really meant to
     * be available to the end user.
     */
    virtual void CertBlockedCB(const tstring &rtstrUntrustedServer) = 0;

    /**
     * This method is called when connections to untrusted VPN servers
     * is allowed by policies and the current VPN server being connected
     * to is untrusted. Clients should present a warning to the user
     * notifying them that the current connection to rtstrUntrustedServer
     * is unsafe. The reason the VPN server is untrusted is provided in
     * rltstrCertErrors. The client should provide a way for the user to
     * connect once, connect and always trust or cancel the connection.
     * If bAllowImport is set to false then the always trust option should
     * not be presented to users.
     *
     * The user response must be indicated using setCertWarningResponse
     *
     * NOTE(review): "connect and always trust" persists the untrusted
     * server certificate (setCertWarningResponse(..., bImportCert=true));
     * that is a permanent trust decision made from a single dialog, so the
     * error list must be shown verbatim and the default action should be
     * cancel.
     */
    virtual void CertWarningCB(const tstring &rtstrUntrustedServer,
                               const std::list<tstring> &rltstrCertErrors,
                               bool bAllowImport) = 0;

#if defined(PLATFORM_WIN_APP)
    /**
     * Same as above but also passes the Server certificate DER for details display
     */
    virtual void CertWarningCB(const tstring &rtstrUntrustedServer,
                               const std::list<tstring> &rltstrCertErrors,
                               const std::vector<uint8_t> &rvServerCertDER,
                               bool bAllowImport) = 0;
#endif

    /**
     * This method can be overridden if the client application wishes to
     * exercise some control over the delivery of events from the other
     * protected methods in this class.
     *
     * This might be necessary in cases where a GUI is being written and
     * the data from this API needs to be delivered in the GUI or main
     * thread. In this case, you should override this method and when it
     * is called by the API post an event to your event queue (message
     * pump, etc.). After this event executes in your GUI or main thread,
     * call the method ClientIfc::ProcessEvents to have events delivered
     * to your client application.
     */
    virtual void EventAvailable();

#ifdef MANUAL_PKCS12_IMPORT_SUPPORTED
    /**
     * Result of a requestImportPKCS12() operation: the hash of the imported
     * certificate, or a non-empty tstrError on failure. Default
     * implementation provided (not pure).
     */
    virtual void ImportPKCS12ResultCB(const std::vector<uint8_t> &certHash, const tstring &tstrError);
#endif
#ifdef PLATFORM_ANDROID
    /**
     * Delivers the client certificates available on the device as
     * (length, DER pointer) pairs, in response to requestClientCertificates().
     *
     * NOTE(review): ownership and lifetime of the uint8_t* buffers are not
     * stated in this header (the vector is passed by value but the buffers
     * are not); confirm in the implementation who frees them before holding
     * on to any of them.
     */
    virtual void ClientCertificateCB(std::vector< std::pair<uint32_t, uint8_t*> > certList) = 0;
    /** Notification that the API has been detached from the agent service. */
    virtual void AgentDetachedCB();
#endif

    /** Access to the agent (vpnagent service) interface owned by this object. */
    AgentIfc &getAgentIfc();

    /** Protected: the class is only meant to be instantiated via a derived ClientIfc. */
    ClientIfcBase();


public:

    /**
     * Lifecycle: attach()/detach() bracket the session with the agent;
     * ProcessEvents() drains queued callbacks (see EventAvailable());
     * the remaining predicates report attach/connection status.
     * requestFullCapabilities asks for the connect+management capability
     * set (see hasFullCapabilities()); suppressAutoConnect prevents an
     * automatic connect on attach.
     */
    virtual bool attach(ClientType clientType = ClientType_GUI,
                        bool requestFullCapabilities = true,
                        bool suppressAutoConnect = true);

    virtual void detach();

    virtual void ProcessEvents();

    virtual bool hasFullCapabilities();

    virtual bool isConnected();

    virtual bool isAvailable();

    // Host list as configured in the profile(s).
    virtual std::list<tstring> getHostNames();

    virtual std::list<HostEntry> getHostEntries();

    virtual tstring getDefaultHostName();

    /**
     * Initiate a connection. The two-argument forms additionally record the
     * origin of the request (an unsigned int code; its enumeration is not
     * visible in this header). On HOST_DATA_SUPPORTED platforms the target
     * is described by an IHostData profile object instead of a bare name.
     */
#if defined(HOST_DATA_SUPPORTED)
    virtual bool connect(const IHostData& hostData);

    bool connect(const IHostData& hostData,
                 unsigned int origin);
#else
    virtual bool connect(tstring host);

    bool connect(tstring host,
                 unsigned int origin);
#endif

    virtual bool setNewTunnelGroup(const tstring & group);

    virtual void disconnect();

    virtual void cancel();

    virtual void resetStats();

    // Request a state update (delivered asynchronously through StateCB).
    virtual void getState();

    VPNState getCurrentState();
    VPNSubState getCurrentSubState();
    VPNSubState getPreviousSubState();

    tstring getStateText();
    static tstring getNoticeTypeText(MessageType msgType);

    // Localized text for an arbitrary state, independent of this instance.
    static tstring getStateText(VPNState state,
                                VPNSubState subState = VPNSS_NORMAL,
                                NETENV_STATE netEnvState = NES_NETWORK_ACCESSIBLE,
                                const tstring& tstrConnectedHost = tstring());

    /**
     * Network-environment / network-control state (captive portal detection,
     * network access control, network type). Setters are called by the API
     * internals; the getters and text helpers are for clients rendering
     * status.
     */
    void setNetworkStates(NETENV_STATE netEnvState,
                          NETCTRL_STATE netCtrlState,
                          NETWORK_TYPE netType,
                          bool bACBrowserForCPRemediation,
                          bool bUpdateUI);
    void refreshOperatingModeForCurrentNetStates();
    NETENV_STATE getCurrentNetEnvState();
    NETENV_STATE getPreviousNetEnvState();
    NETCTRL_STATE getCurrentNetCtrlState();
    NETWORK_TYPE getCurrentNetType();
    bool isACBrowserForCPRemediation();

    static tstring getNetCtrlText(NETCTRL_STATE netCtrlState);
    static tstring getNetEnvText(NETENV_STATE netEnvState,
                                 bool bSimple = false);
    static tstring getNetTypeText(NETWORK_TYPE netType);
    static tstring getQuarantinedStatusText();
    static tstring getNetworkStatusSimpleText(const NETENV_STATE netEnvState,
                                              const NETCTRL_STATE netCtrlState);

    // can't be static due to requiring operating mode information
    tstring getNetworkStatusText(const VPNState state,
                                 const VPNSubState subState,
                                 const NETENV_STATE netEnvState,
                                 const NETCTRL_STATE netCtrlState);

    /**
     * Editable copy of the user preferences; savePreferences() persists it.
     * Which preferences a user may change is subject to
     * IsPreferenceOverridable() (private, from IPreferenceUpdateCB).
     */
    PreferenceInfo &getPreferences();

    bool savePreferences();

    virtual void startStats();

    virtual void stopStats();

    // Hand the filled-in prompt entries back to the API (see UserPromptCB).
    virtual void UserSubmit();

    /**
     * Banner / pre-connect reminder plumbing. The set* methods are called
     * by the API to stage the text before the corresponding CB fires; the
     * *Response methods carry the user's answer back and unblock connection
     * establishment (see BannerCB / PreConnectReminderCB).
     */
    void setBanner(const tstring &banner);
    void setBannerResponse(bool bResponse);

    void setPreConnectReminder(const tstring &tstrPreConnectReminder);
    void setPreConnectReminderResponse();

    bool getUserResponse();
    bool isUserResponseSet();

    /**
     * Server-certificate trust plumbing (see CertBlockedCB / CertWarningCB).
     * setCertBlocked/setCertWarning stage the data for the callbacks;
     * getCertImportResponse() reports whether the user chose to import
     * ("always trust") the server certificate.
     */
    void setCertBlocked(const tstring &tstrUntrustedServer);
    void setCertWarning(const tstring &rtstrUntrustedServer,
                        const std::list<tstring> &rltstrCertErrors,
                        bool bAllowImport);
#if defined(PLATFORM_WIN_APP)
    void setCertWarning(const tstring &rtstrUntrustedServer,
                        const std::list<tstring> &rltstrCertErrors,
                        const std::vector<uint8_t>& rvServerCertDER,
                        bool bAllowImport);
#endif
    bool getCertImportResponse();

#if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
    /**
     * Mobile certificate-banner plumbing (see CertBannerCB), plus the
     * security-mode toggles available on these platforms.
     *
     * importServerCert() adds a server certificate (DER) to the trust
     * store; setFipsMode()/setStrictMode()/setRevocationEnabled() change
     * cryptographic policy. Each returns bool; callers must check it rather
     * than assume the mode took effect.
     */
    void setCertBanner(tstring tstrCertBannerSummary,
                       uint32_t nCertBannerCertLen,
                       const uint8_t *pCertBannerCertDer,
                       const std::list<tstring> &confirmReasons,
                       const std::list<CertConfirmReason> &confirmReasonEnums,
                       bool bImportAllowed);

    void setCertBannerResponse(bool bResponse, bool bImportCert);
    void importServerCert(std::vector<uint8_t> certData);
    bool setFipsMode(bool bEnableFips);
#if defined(PLATFORM_ANDROID)
    bool setStrictMode(bool bEnableStrictMode);
    bool setRevocationEnabled(bool bRevocationEnabled);
    bool IsRevocationEnabled();
#endif // currently supported only for android
#endif

    // Stage a prompt for UserPromptCB.
    void setUserPrompt(ConnectPromptInfo &ConnectPrompt);

#ifdef PLATFORM_ANDROID
    /**
     * Android client-certificate plumbing (see ClientCertificateCB).
     * setClientCertResponse() takes the same (length, DER pointer) pairs by
     * reference; buffer ownership is not stated here — see the callback.
     */
    void setClientCertResponse(std::vector< std::pair<uint32_t, uint8_t*> > &derList);
    void setAgentDetached();
    bool getClientCertificates();
#endif

#if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID)
    void setSCEPEnrollInProgress(bool bInProgress);
    bool isSCEPEnrollInProgress();
#endif // PLATFORM_APPLE_SSLVPN || PLATFORM_ANDROID

#ifdef MANUAL_PKCS12_IMPORT_SUPPORTED
    /**
     * Manual PKCS#12 import. requestImportPKCS12() is asynchronous and
     * reports through ImportPKCS12ResultCB(); importPKCS12WithPassword()
     * is synchronous and returns a byte vector (presumably the certificate
     * hash, matching setImportPKCS12Result() — confirm).
     *
     * NOTE(review): the PKCS#12 blob and its password are plain
     * std::vector / tstring values. Nothing in this header zeroizes them;
     * the caller owns that responsibility (and any copies it made).
     */
    void setImportPKCS12Result(const std::vector<uint8_t> &certHash, const tstring &tstrError);
    bool requestImportPKCS12(const std::vector<uint8_t> &data);
    std::vector<uint8_t> importPKCS12WithPassword(const std::vector<uint8_t> &data, const tstring &password);
#endif

    /**
     * User answers to the certificate dialogs.
     * @param bUnlock     true = user chose to lift the "block untrusted
     *                    servers" preference (see CertBlockedCB).
     * @param bConnect    true = proceed with the connection despite the
     *                    warning.
     * @param bImportCert true = also persist the server certificate as
     *                    trusted ("always trust"); must stay false when the
     *                    callback said bAllowImport == false.
     */
    void setCertBlockedResponse(bool bUnlock);
    void setCertWarningResponse(bool bConnect, bool bImportCert);

    void insertStateToConnectPrompt(ConnectPromptInfo &ConnectPrompt);

    // Queue an ExitNoticeCB with the given process exit code.
    void ExitNotice(const tstring &tstrNotice, const int code = 0);

    /**
     * Internal entry points that feed NoticeCB.
     * bSensitiveMsg is forwarded as NoticeCB's bSensitive flag.
     */
    void notice(const tstring &tstrNotice,
                const MessageType type = MsgType_Info,
                bool bClearLastMsg = false,
                bool bForce = false,
                bool bStateMsg = false,
                bool bSensitiveMsg = false);

    void notice(MsgWithArg &notice,
                const MessageType type = MsgType_Info,
                bool bClearLastMsg = false,
                bool bForce = false,
                bool bStateMsg = false,
                bool bSensitiveMsg = false);

    void getStats(void);

    void setStats(VPNStats &stats);

    /**
     * Write the current statistics to tstrFilePath.
     * NOTE(review): the path is caller-supplied and this header places no
     * restriction on it; a client exposing this to user input should
     * validate / canonicalize the path itself.
     */
    void exportStats(const tstring &tstrFilePath);

    void setState(VPNState state,
                  VPNState previousState,
                  VPNSubState subState = VPNSS_NORMAL,
                  bool bUpdateStateMsg = true,
                  bool bOnlyUpdateUI = false);

#ifdef PROGRAM_DATA_IMPORT_SUPPORTED
    // Returns a new importer; ownership of the returned pointer is not
    // stated in this header — confirm who deletes it.
    IACImporterAsync *createACImporter(IACImporterAsyncCB *pCallback);
#endif

    void setWMHint(WMHint hint,
                   WMHintReason reason);

    bool isLastConnectType (const ConnectPromptType connPromptType);

    // Operating mode is a bit set (see mui_OperatingMode).
    bool isOperatingMode(OperatingMode opMode);
    void setOperatingMode(OperatingMode opMode);
    void unsetOperatingMode(OperatingMode opMode);

    bool CanRemediateCaptivePortal();
    bool policyAllowsCaptivePortalRemediation();

    bool isEventShutdown();

    bool isUsingEventModel();

    time_t getLastDisconnectTime();

    /**
     * Returns a COPY of the current prompt info (by value). Since prompt
     * entries can hold credentials, callers should not keep that copy
     * around longer than needed; resetConnectPromptPasswordData() clears
     * the password fields of the API-held instance only.
     */
    ConnectPromptInfo getConnectPromptInfo();
    void resetConnectPromptPasswordData();

    void setStandaloneConnection(bool isStandalone);

    void deliverActiveHost(const tstring &activeHost,
                           ConnectProtocolType vpnProtocol = PROTOCOL_TYPE_UNKNOWN,
                           bool bActiveHostFriendlyName = false);

    bool isVPNServiceReady();

    // reset last disconnect time indicator.
    //
    void resetLastDisconnectTime(time_t time = 1);

    void processMinimize();

    // cert enrollment
    void setEnrollClientCert(CertObj* pCert);

    // Show user banner for cert import warning on linux
    // SCEPIfc to ConnectMgr
    void linuxCertImportWarnUser();

    // Response to cert warning on linux
    // ConnectMgr to SCEPIfc
    void linuxCertImportWarnUserResponse(bool bAccept);

    void setDefaultHost(tstring &host);

#if defined(HOST_DATA_SUPPORTED)
    void setDefaultHostProfile(const IHostData &hostProfile);
    IHostData* getDefaultHostData();
#endif // HOST_DATA_SUPPORTED

    void setLastVpnError(VPNError vpnError);
    VPNError getLastVpnError();

#ifdef PLATFORM_ANDROID
    bool requestClientCertificates();
#endif

    // Import a gettext .mo catalog for tstrLocale (binary data in MoFileData).
    bool requestImportLocalization(const tstring tstrLocale,
                                   const std::vector<unsigned char> &MoFileData);

    // Start the Automatic Headend Selection operation
    void startAHS(const unsigned int uiReason,
                  const ProxyIfc& proxy);
    // statusReturnCode is a long to match the current type of STATUSCODE.
    // It is not using a STATUSCODE directly so that we do not have to
    // expose the header files for STATUSCODEs to ClientIfcBase.h
    void AHSSelectedHost(const unsigned int uiReason,
                         const std::vector<tstring> &headendList,
                         const long statusReturnCode,
                         const tstring& extraInfo);
    std::vector<tstring> getAHSHostList();
    unsigned int getAHSState();
    bool isAHSHasRun();

    bool suppressConnectionErrorPopups();

    tstring getCaptivePortalDetectedMsg();

    void setProxyAuthPrompts(ProxyIfc* pProxy,
                             const tstring& promptMsg);

#if defined(INTERPROCESS_COMMUNICATION_SUPPORTED)
    /**
     * Dispatch an IPC message received from the agent service.
     * NOTE(review): this is the trust boundary between the privileged agent
     * and the (unprivileged) client process; message validation lives in
     * the implementation, not in this header.
     */
    bool handleIpcMessage(CIpcMessage *pIpcMessage);
#endif
    bool IsCsdTokenVerified() const;

#if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID)
    virtual void SCEPEnrollStartCB();
    virtual void SCEPEnrollExitCB();
#endif // PLATFORM_APPLE_SSLVPN || PLATFORM_ANDROID

    void activateConnectMgrTunnelInitiationCompletionEvent();
    bool isConnectRequestActive();
#if defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
    /**
     * Profile management from the client side. importProfile() writes a
     * profile from caller-supplied contents; since profiles carry
     * connection policy (server list, certificate settings), the source of
     * profileContents should be trusted or validated by the caller.
     */
    bool deleteProfileByName(const tstring &profileName);
    tstring getProfileContents(const tstring &profileName);
    bool importProfile(const tstring &profileName, const tstring &profileContents);
#endif // PLATFORM_ANDROID || PLATFORM_CHROMEBOOK

    bool syncProfileChange(const tstring &profileName);

#if defined(CREDENTIAL_PREFILL_SUPPORTED)
    // Pre-populated credentials (Android). Ownership of the CredentialPrefill
    // pointer handed to setPrefilledCredentials() is not stated here.
    bool hasPrefilledCredentials();
    bool prefillCredentials(ConnectPromptInfo &connectPrompt);
    void setPrefilledCredentials(CredentialPrefill *prefill);
#endif

#if defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
    // Certificate-store management. The returned ManagedCertificate
    // pointers are raw; who deletes them is not stated in this header.
    std::list<ManagedCertificate *> enumerateCertificates(CertificateType certType);
    bool deleteCertificates(CertificateType certType, const std::list<std::string> &idList);
    bool deleteServerCertificates(const std::list<std::string> &idList);
#endif // PLATFORM_ANDROID || PLATFORM_APPLE_SSLVPN

#if defined(ANYCONNECT_USE_SNAK)
    std::list<ManagedCertificate *> enumerateSNAKCertificates(SNAK_CertType certType);
    SNAK_CertType getSNAKCertType(CertificateType certType);
    bool deleteClientCertificates(const std::list<std::string> &idList);
#endif // ANYCONNECT_USE_SNAK

#if defined(PLATFORM_APPLE_SSLVPN)
    bool canUseBackupServers();

#endif //PLATFORM_APPLE_SSLVPN

    virtual ~ClientIfcBase();

    tstring getConnectHost();

    tstring getMgmtTunnelHostname();

    VPN_TUNNEL_SCOPE getVpnTunnelScope();

    bool isStandaloneConnection();

    // External SSO logout: the logout URL originates from the agent.
    void sendSSoLogoutPrompt(ConnectPromptInfo &cpi);

    void setExternalSSOLogoutUrlFromAgent(const tstring& logoutUrl);

private:

    //
    // Private Member Data
    //
    // NOTE(review): most collaborators are held as raw pointers; only
    // m_upAppLogger uses std::unique_ptr. Ownership of the rest is
    // established in the implementation, not here.
    //

    CExecutionContext* m_pExecutionContext;
    CExecutionContext* m_pExecutionContextMgr;

    AgentIfc *mo_AgentIfc;

    ConnectMgr *mo_ConnectMgr;

    ApiThread *mo_ConnectThread;

    EventMgr *mo_EventMgr;

    PreferenceMgr *mo_PreferenceMgr;

    ConnectPromptInfo *mp_currentConnectPromptInfo;

    PreferenceInfo *mo_EditablePrefs;

#if defined(SCRIPTING_SUPPORTED)
    CScriptingMgr *mo_ScriptingMgr;
#endif // SCRIPTING_SUPPORTED

#if defined(SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED)
    SCEPIfc* m_pSCEPIfc;
    bool m_bInformedAgentOfSCEP;
#endif // SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED
#ifndef PLATFORM_APPLE_SSLVPN
    CStoragePath* m_pStoragePath;
#endif // !PLATFORM_APPLE_SSLVPN

#ifdef ANYCONNECT_USE_SNAK
    PluginLoader *m_pPluginLoader;
    SNAK_CertPlugin *m_pSNAKCert;
    SNAK_SocketPlugin *m_pSNAKSocket;
    SNAK_StoragePlugin *m_pSNAKStorage;
    SNAK_DeviceInfoPlugin *m_pSNAKDeviceInfo;
    SNAKDeviceInfoPluginCBImpl *m_pSNAKDeviceInfoCB;

    bool mb_SNAKInitialized;
#endif

#if defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
    bool mb_SCEPEnrollInProgress;
#endif // PLATFORM_ANDROID || PLATFORM_APPLE_SSLVPN

    bool mb_PreferenceMgrCreated;
    bool mb_StandaloneConnection;
    bool mb_UsingEventModel;
    bool mb_UserResponse;
    bool mb_IsUserResponseSet;
    bool mb_PerformedAutoCertEnrollment;
    tstring ms_PostEnrollmentConnectHost;
    bool mb_CaptivePortalMsgDisplayed;
    bool m_bSuppressMinimizeOnConnect;
    bool m_bSuppressConnectionErrorPopups;
    bool m_bLastConnectionAutomatic;
    bool m_bImportCertResp;          // user's "always trust" answer (getCertImportResponse)
    bool m_bPrevMsgWasStateMsg;

    unsigned int mui_OperatingMode;  // bit set of OperatingMode values
    NETENV_STATE m_currentNetEnvState;
    NETENV_STATE m_previousNetEnvState;
    NETCTRL_STATE m_currentNetCtrlState;
    NETWORK_TYPE m_currentNetType;
    bool m_bACBrowserForCPRemediation;

    tstring ms_message;

    time_t m_disconnectTime;

    static std::string ms_ThreadName;

    // Fine-grained locks; which lock guards which members is defined by the
    // implementation, not documented here.
    CManualLock* m_pClientIfcStateLock;
    CManualLock* m_pClientIfcLock;
    CManualLock* m_pClientIfcPromptsLock;
    CManualLock* m_pClientIfcOpModeLock;
    CManualLock* m_pClientIfcAHSLock;
    CManualLock* m_pClientIfcConnectModeLock;
    CManualLock* m_pClientIfcInformAgentOfSCEPLock;

    std::vector<tstring> msl_AHSSelectedHosts;
    ApiThread* m_pAHSThread;
    unsigned int m_uiAHSState;
#if defined(CREDENTIAL_PREFILL_SUPPORTED)
    CredentialPrefill* m_pCredentialPrefill;
#endif

    // m_AppLogStatus is a long to match the current type of STATUSCODE. It is not using the
    // type of STATUSCODE directly to not expose the header files for STATUSCODE here.
    long m_AppLogStatus;
    std::unique_ptr<CAppLog> m_upAppLogger;

    VPNError m_lastVpnError;

    // NOTE(review): volatile does not provide inter-thread ordering or
    // atomicity; if this flag is read and written from different threads it
    // needs one of the CManualLocks above or an atomic (ABI permitting).
    static volatile bool mb_deleteFirstPass;

    //
    // Private Member Methods
    //

    ConnectMgr &getConnectMgr();

    ProfileMgr &getProfileMgr();
    UserPreferences &getUserPreferences();

    void displayAgentAttachMessage();

    void setLastDisconnectTime(time_t time);

    void setCurrentStatePrompts(const VPNState state,
                                const VPNState prevState,
                                const VPNSubState subState,
                                const bool bUpdateStateMsg);
    void setCurrentStateErrorMessage(VPNState state, CONNECT_FAILURE_REASON cfr);
    void getStateMessage(const VPNState state,
                         const VPNState prevState,
                         const VPNSubState subState,
                         const NETENV_STATE neState,
                         /*out*/ MsgWithArg& stateMessage);

    // IPreferenceUpdateCB methods
    virtual void OnLoadPreferencesComplete();
    virtual bool IsPreferenceOverridable(const PreferenceId ePreferenceId);
    virtual void OverridePreferenceValue(const PreferenceId ePreferenceId,
                                         tstring& rPrefenceValue,
                                         bool& rbOverriden);

    void RefreshPreferences(void);

    void displayAHSPrompt(const bool isComplete);
    void handleAHSPreferences(const unsigned int uiReason);
    void setAHSState(const unsigned int ahsState);

    bool autoConnectIfEnabled(const bool suppressAutoConnect);

    void clearUserSetResponseFlag();

    bool decodeSSOToken();

#if defined(SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED)
    bool processSCEPIpcMessage(CIpcMessage *pIpcMessage);
    bool isSCEPRedirect();
    void processSCEPRedirect();
#endif // SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED

    bool hasConnectCapabilities();
    bool hasMgmtCapabilities();

    // Non-copyable: declared private and (presumably) never defined.
    // (The C++11 "= delete" form would give a clearer diagnostic, but
    // changing it here is a header/ABI-policy decision.)
    ClientIfcBase(const ClientIfcBase& other);
    ClientIfcBase& operator=(const ClientIfcBase& other);

#ifdef ANYCONNECT_USE_SNAK
    bool initializeSNAK(bool bUseExistingInstanceIfAvail);
    void destroySNAK();
    ManagedCertificate *convertSnakToManagedCertificate(const ManagedCertHandle &snakCert);
#endif
};


#endif // _CLIENTIFCBASE_