 |
AnyConnect Secure Mobility Client 5.0.02075
|
|
AnyConnect Secure Mobility Client 5.0.02075
|
00001 /************************************************************************** 00002 * Copyright (c) 2008, 2022 Cisco Systems, Inc. 00003 * All Rights Reserved. Cisco Highly Confidential. 00004 *************************************************************************** 00005 * 00006 * File: api.h 00007 * Date: 01/2008 00008 * 00009 *************************************************************************** 00010 * VPN GUI API module interface types 00011 ***************************************************************************/ 00012 #ifndef _APISTDHEADER_ 00013 #define _APISTDHEADER_ 00014 00015 /** 00016 * @file 00017 * This file contains some basic compiler definitions as well as common enums. 00018 */ 00019 00020 //Not compatible with MIDL 00021 #if !defined(__midl) 00022 #ifdef _WIN32 00023 #pragma warning(disable:4251 4786) 00024 00025 #ifndef UNICODE 00026 #define UNICODE 00027 #endif // UNICODE 00028 00029 #ifndef _UNICODE 00030 #define _UNICODE 00031 #endif // _UNICODE 00032 00033 #ifndef tstring 00034 /** std::wstring */ 00035 #define tstring std::wstring /**< my wstring description */ 00036 #endif // tstring 00037 00038 #else // non-windows 00039 00040 #ifndef tstring 00041 #define tstring std::string 00042 #endif // tstring 00043 00044 #endif // _WIN32 00045 00046 #ifdef _UNICODE 00047 #define tostream std::wostream 00048 #else 00049 #define tostream std::ostream 00050 #endif /* UNICODE */ 00051 00052 00053 //used when including implementation files directly in an EXE. 00054 #ifdef _NOEXPORTDLL 00055 #define VPN_VPNAPI 00056 #else 00057 #ifdef _WIN32 00058 #ifdef VPN_APIEXPORTS //api 00059 #define VPN_VPNAPI __declspec(dllexport) 00060 #else 00061 #define VPN_VPNAPI __declspec(dllimport) 00062 #endif 00063 #else 00064 #ifdef VPN_APIEXPORTS 00065 #define VPN_VPNAPI __attribute__((visibility("default"))) 00066 #else 00067 #define VPN_VPNAPI 00068 #endif 00069 #endif //_WIN32 00070 #endif //NOEXPORTDLL 00071 00072 #ifndef OUT 00073 #define OUT 00074 #endif 00075 00076 #ifndef IN 00077 #define IN 00078 #endif 00079 00080 #ifdef __cplusplus //only include if C++ is being used, 00081 //C code also includes api.h for COM proxy of enumerators. 00082 #include <string> 00083 #include <map> 00084 #include <list> 00085 00086 typedef std::map<tstring, tstring> ApiStringMap; 00087 typedef std::map<tstring, std::list<tstring> > ApiStringListMap; 00088 00089 #endif //__cplusplus 00090 #endif //#if !defined(__midl) 00091 00092 00093 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\ 00094 ********* make sure to add the [v1_enum] inside a __midl define to new enums ******** 00095 \******************** This is also compiled with IDL compiler **********************/ 00096 00097 #include "GlobalEnums.h" 00098 /** 00099 * MessageType 00100 * presents a level of severity associated with messages that are 00101 * sent to the API. The severity can be useful for deciding how a message is 00102 * to be shown. A UI might decide based on type to show a message as 00103 * a modal dialog versus a message written to the status area for an existing UI. 00104 */ 00105 #if defined(__midl) 00106 [v1_enum] /*serialize as 32 bits*/ 00107 #endif 00108 enum MessageType 00109 { 00110 MsgType_Error, /**< Issue usually requiring user to acknowledge */ 00111 MsgType_Alert, /**< Warning message that must be shown to user. */ 00112 MsgType_Warn, /**< Less severe, not required to be shown to user */ 00113 MsgType_Info, /**< General message providing status, progress, etc. */ 00114 MsgType_Status, /**< Can be used to indicate unexpected tunnel status change. */ 00115 MsgType_UrlError, /**< Error message that provides additional information by opening browser. */ 00116 MsgType_Announcement, /**< Informational message that must be shown to the user. */ 00117 // Announcement is presently only used and supported on desktop platforms. 00118 }; 00119 00120 00121 /** 00122 * Identifies the type of token that was used successfully when SDI 00123 * Authentication is in use. 00124 */ 00125 #if defined(__midl) 00126 [v1_enum] /*serialize as 32 bits*/ 00127 #endif 00128 enum SDITokenType 00129 { 00130 SDITT_NONE, 00131 SDITT_HARDWARE, 00132 SDITT_SOFTWARE 00133 }; 00134 00135 /** 00136 * Provides the current state of the VPN tunnel. 00137 */ 00138 #if defined(__midl) 00139 [v1_enum] /*serialize as 32 bits*/ 00140 #endif 00141 enum VPNState 00142 { 00143 CONNECTED = STATE_CONNECTED, /**< VPN is active */ 00144 DISCONNECTED = STATE_DISCONNECTED, /**< VPN is inactive */ 00145 CONNECTING = STATE_CONNECTING, /**< VPN is being established */ 00146 DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */ 00147 RECONNECTING = STATE_RECONNECTING, /**< VPN is being re-connected. This state 00148 can occur due to network or other 00149 temporary problems. The state 00150 indicates that the VPN is temporarily 00151 unavailable and indicates the 00152 connection is being re-established. */ 00153 PAUSING = STATE_PAUSING, /**< VPN is being paused. */ 00154 PAUSED = STATE_PAUSED, /**< VPN is paused. */ 00155 SSOPOLLING = STATE_SSOPOLLING, /**< API is doing auth-poll, VPN is disconnected. */ 00156 UNKNOWN = ~0 00157 }; 00158 00159 /** 00160 * Provides the current sub-state of the VPN tunnel. 00161 */ 00162 #if defined(__midl) 00163 [v1_enum] /*serialize as 32 bits*/ 00164 #endif 00165 enum VPNSubState 00166 { 00167 VPNSS_NORMAL = VCSS_NORMAL, 00168 VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY, 00169 VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING, 00170 VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED, 00171 VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW, 00172 VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE, 00173 VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED, 00174 VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED, 00175 VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG, 00176 VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING, 00177 VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING 00178 }; 00179 00180 /** 00181 * WMHint 00182 * provides a hint for the GUI to either minimize or un-minimize. 00183 */ 00184 #if defined(__midl) 00185 [v1_enum] /*serialize as 32 bits*/ 00186 #endif 00187 enum WMHint 00188 { 00189 MINIMIZE, /**< hint to minimize GUI */ 00190 OPEN, /**< hint to un-minimize GUI */ 00191 QUIT, /**< hint that GUI should close. @see WMHintReason */ 00192 REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */ 00193 REFRESHPREFS, /**< hint to refresh the preferences */ 00194 SHOWCONNECTING, /**< hint to display "connecting" status */ 00195 CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */ 00196 }; 00197 00198 00199 /** 00200 * WMHintReason 00201 * provides a reason indicator for the #WMHint 00202 */ 00203 #if defined(__midl) 00204 [v1_enum] /*serialize as 32 bits*/ 00205 #endif 00206 enum WMHintReason 00207 { 00208 SECONDGUISTART, /**< Indicates a second GUI has been launched. This 00209 indicator is used to suggest that the GUI 00210 already running be OPENed and that the first one 00211 should exit. */ 00212 PROXYREQUEST, /**< Proxy credential request can be for web-launch or 00213 standalone-initiated connections. */ 00214 SERVICEFAILURE, /**< This tag is used when the VPN service 00215 is no longer available. */ 00216 DISCONNECT, /**< Any disconnect notices should be seen by the user. */ 00217 SERVICESTOPPED, /**< This tag will be used in cases where the VPN service 00218 has been stopped. */ 00219 CONNECT, /**< Tag indicating an action to be taken due to connect, 00220 for example a request to minimize the UI. */ 00221 REASONUNKNOWN /**< */ 00222 }; 00223 00224 /** 00225 * provides an indication of the type of credential data being requested. 00226 */ 00227 #if defined(__midl) 00228 [v1_enum] /*serialize as 32 bits*/ 00229 #endif 00230 enum ConnectPromptType 00231 { 00232 CERTIFICATE, /**< Indicates a certificate-only type of connection and 00233 would not normally be sent to client unless a 00234 post-authentication banner is to be displayed. */ 00235 CREDENTIALS, /**< Indicates that the user is to be prompted for authentication 00236 credentials */ 00237 PROXY, /**< Indicates that the user is to be prompted for 00238 proxy-authentication credentials */ 00239 MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related 00240 to PKCS12 import*/ 00241 STATUS, /**< Indicates that status messages are to be displayed to 00242 the user*/ 00243 SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */ 00244 SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */ 00245 LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */ 00246 }; 00247 00248 00249 /** 00250 * Indicates the prompt or credential type. 00251 */ 00252 #if defined(__midl) 00253 [v1_enum] /*serialize as 32 bits*/ 00254 #endif 00255 enum PromptType { Prompt_Input, /**< label and value. */ 00256 Prompt_Password, /**< label and value, indicates user 00257 response should be masked. */ 00258 Prompt_Banner, /**< value (the banner) with no label set. */ 00259 Prompt_Combo, /**< list with choices options. */ 00260 Prompt_Header, /**< label intended as header and with 00261 value. */ 00262 Prompt_Hidden, /**< hidden value, should be ignored and 00263 left unchanged in response. */ 00264 Prompt_CheckBox, /**< label and value (contrained to true or false) */ 00265 Prompt_SSO /**< single sign-on authentication token prompt */ 00266 }; 00267 00268 #if defined(__midl) 00269 [v1_enum] /*serialize as 32 bits*/ 00270 #endif 00271 00272 /* 00273 * ***************** !!! ATTENTION !!! *********************************** 00274 * * 00275 * * When updating this preference enum, you must ensure that the enum in 00276 * * vpn/Api/jni/java/Preference.java is also updated. 00277 * * 00278 * ***************** !!! ATTENTION !!! *********************************** 00279 */ 00280 enum PreferenceId 00281 { 00282 ServiceDisable, /**< This preference disable the VPN service. 00283 If more than one profile exists and any one 00284 profile has VPN enabled, then it will be 00285 enabled. False is the default. */ 00286 CertificateStoreOverride,/**< This preference will trigger an alternate 00287 authentication sequence in the API. The 00288 preference is only settable by an 00289 administrator. */ 00290 CertificateStore, /**< This preference indicates which Windows certificate 00291 store AnyConnect should look in for client certificates. 00292 The options are All, Machine and User with a default of All. 00293 The preference is only settable by an administrator. */ 00294 CertificateStoreMac, /**< This preference indicates which macOS keychain 00295 AnyConnect should look in for client certificates. 00296 The options are All, System and Login with a default of All. 00297 The preference is only settable by an administrator. */ 00298 CertificateStoreLinux, /**< This preference indicates which Linux certificate 00299 store AnyConnect should look in for client certificates. 00300 The options are All, Machine and User with a default of All. 00301 The preference is only settable by an administrator. */ 00302 ShowPreConnectMessage, /**< The ShowPreConnectMessage preference gives the 00303 administrator the ability to display an AnyConnect 00304 startup banner message. The message will appear 00305 only once per AnyConnect program start. The 00306 preference is only settable by an 00307 administrator. */ 00308 AutoConnectOnStart, /**< This preference allows the user to select 00309 whether to establish a connection automatically 00310 on startup or not. */ 00311 MinimizeOnConnect, /**< This preference allows the user to select if 00312 the GUI should minimize when the connection is 00313 established */ 00314 LocalLanAccess, /**< This preference will provide a mechanism where 00315 the user can disable access to their Local LAN. */ 00316 DisableCaptivePortalDetection, /**<This preference will provide a mechanism where 00317 the user can disable captive portal detection.*/ 00318 AutoReconnect, /**< First control of the reconnect behavior. If the 00319 client becomes disconnected for any reason, a 00320 reconnect attempt is made. */ 00321 AutoReconnectBehavior, /**< Second control of the reconnect behavior. When 00322 coming out of suspend/hibernate/standby mode. 00323 Options are disconnect on suspend and reconnect 00324 after suspend. */ 00325 SuspendOnConnectedStandby, /**< This setting allows to control whether the VPN tunnel 00326 is suspended when the system enters the Connected Standby 00327 mode. It applies only to Windows 8 and above. */ 00328 UseStartBeforeLogon, /**< This preference allows an administrator to 00329 control the use of the Start Before Logon 00330 feature. The preference can be set to true (on) 00331 or false (off). */ 00332 AutoUpdate, /**< Once the Downloader has loaded the profile, it 00333 can check the AutoUpdate preference to see if 00334 updates are either disabled or enabled */ 00335 RSASecurIDIntegration, /**< This preference will enable the administrator 00336 and possibly end user to select the preferred 00337 method of managing their SDI PIN and PASSCODE 00338 interactions. Options are Automatic (default), 00339 SoftwareTokens and HardwareTokens. */ 00340 WindowsLogonEnforcement,/**< This preference allows an administrator to 00341 control if more than one user may be logged into 00342 the client PC during the VPN connection (Windows 00343 only). */ 00344 WindowsVPNEstablishment,/**< This preference allows an administrator to 00345 control whether or not remote users may initiate 00346 a VPN connection (Windows only). */ 00347 LinuxLogonEnforcement, /**< This preference allows an administrator to 00348 control if more than one user may be logged into 00349 the client PC during the VPN connection (Linux 00350 only). */ 00351 LinuxVPNEstablishment, /**< This preference allows an administrator to 00352 control whether or not remote users may initiate 00353 a VPN connection (Linux only). */ 00354 ProxySettings, /**< This preference allows an administrator to 00355 control how user's proxy setups are handled.*/ 00356 AllowLocalProxyConnections, /**< This preference allows the administrator to control 00357 whether to allow establishing a connection through 00358 a local proxy. */ 00359 PPPExclusion, /**< This preference allows an administrator to control 00360 the policy used to exclude routes to 00361 PPP servers when connecting over L2TP or PPTP. 00362 Options are Automatic (default), Disable, 00363 and Override. */ 00364 PPPExclusionServerIP, /**< When PPPExclusion is set to Manual, 00365 the value of this preference allows an 00366 end user to specify the address of a 00367 PPP server that should be excluded 00368 from tunnel traffic. */ 00369 AutomaticVPNPolicy, /**< This preference allows an administrator to 00370 define a policy to automatically manage when a 00371 VPN connection should be started or stopped. */ 00372 TrustedNetworkPolicy, /**< This preference allows an administrator to 00373 define a policy for users in trusted networks. 00374 The options are: Disconnect or DoNothing. */ 00375 UntrustedNetworkPolicy, /**< This preference allows an administrator to 00376 define a policy for users in untrusted networks. 00377 The options are: Connect or DoNothing. */ 00378 TrustedDNSDomains, /**< This preference defines a list of comma 00379 separated DNS suffixes that a network interface 00380 in a trusted network might have. */ 00381 TrustedDNSServers, /**< This preference defines a list of comma 00382 separated DNS servers that a network interface 00383 in a trusted network might have. */ 00384 TrustedHttpsServerList, /**< This preference defines a list of comma separated 00385 https servers reachable only via a trusted network.*/ 00386 DisableUntrustedInterfaces, /**< This preference disables interface without trusted 00387 server connectivity while in trusted network 00388 when there are multiple network interfaces. */ 00389 AlwaysOn, /**< This preference governs VPN reestablishment after 00390 interruptions */ 00391 ConnectFailurePolicy, /**< This preference gives the network administrator 00392 the ability to dictate the network access allowed 00393 by the client endpoint device following a VPN 00394 connection establishment failure. It is a component 00395 of AlwaysOn */ 00396 AllowCaptivePortalRemediation, /**< This preference gives the network administrator 00397 the ability to dictate the network access 00398 allowed by the client endpoint device following 00399 a VPN connection establishment failure it is a 00400 component of AlwaysOn */ 00401 CaptivePortalRemediationTimeout, /**< This preference allows the network administrator 00402 the ability to impose a time limit for captive portal 00403 remediation when the ConnectFailurePolicy value is Closed 00404 It is a component of AlwaysOn */ 00405 ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator 00406 the ability to allow split routes and firewall rules 00407 to be applied following a VPN connection establishment 00408 failure when the ConnectFailurePolicy value is Closed 00409 It is a component of AlwaysOn */ 00410 AllowVPNDisconnect, /**< During Always On, this specifies that the user is allowed to 00411 disconnect the VPN session. */ 00412 AllowedHosts, /**< During Always On, user has access to the specified hosts 00413 when VPN is disconnected. */ 00414 EnableScripting, /**< This preference allows an administrator to 00415 enable scripting (on connect or on 00416 disconnect). */ 00417 TerminateScriptOnNextEvent, /**< This preference dictates whether or not 00418 AnyConnect will terminate a running script 00419 process if a transition to another 00420 scriptable event occurs. */ 00421 EnablePostSBLOnConnectScript, /**< This preference is used to control whether 00422 or not the OnConnect script will be launched 00423 from the desktop GUI when a tunnel has been 00424 established via SBL. */ 00425 AutomaticCertSelection, /**< This preference dictates whether or not to disable 00426 the default automatic certificate selection for user 00427 certificates. If disabled, a certificate selection dialog is 00428 displayed. This only applies if the GUI is enabled 00429 and not SBL. This only applies to Windows (not WinMobile). */ 00430 RetainVpnOnLogoff, /**< First control of the logoff behavior. This preference allows 00431 an administrator to control if the VPN is terminated or retained 00432 after user logs off.*/ 00433 UserEnforcement, /**< Second control of the logoff behavior. When the VPN connection has 00434 been retained after user logged off. Controls what user can log in 00435 and keep the VPN connection. Options are same user only and any user. */ 00436 DeviceLockRequired, /**< This preference indicates whether or not 00437 a Windows Mobile device must be configured 00438 with a password or PIN prior to establishing 00439 a VPN connection. This configuration is 00440 only valid on Windows Mobile devices that 00441 use the Microsoft Default Local 00442 Authentication Provider (LAP). */ 00443 DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number, 00444 this preference specifies the maximum 00445 number of minutes a device can be 00446 inactive before device lock takes 00447 into effect. (WM5/WM5AKU2+) */ 00448 DeviceLockMinimumPasswordLength, /**< When set to a non-negative number, 00449 this preference specifies that any 00450 PIN/password used for device lock 00451 must be equal to or longer than 00452 the specified value, in characters. 00453 This setting must be pushed down to 00454 the mobile device by syncing with 00455 an Exchange server before it can be 00456 enforced. (WM5AKU2+) */ 00457 DeviceLockPasswordComplexity, /**< This preference checks whether or 00458 not the password belongs to one of 00459 three subtypes: alpha, pin, strong */ 00460 EnableAutomaticServerSelection, /**< Automatic server selection will 00461 automatically select the optimal 00462 secure gateway for the endpoint */ 00463 AutoServerSelectionImprovement, /**< During a reconnection attempt after 00464 a system resume, this setting 00465 specifies the minimum estimated 00466 performance improvement required to 00467 justify transitioning a user to a new server 00468 This value represents percentage in 0..100 */ 00469 AutoServerSelectionSuspendTime, /**< During a reconnection attempt after 00470 a system resume, this specifies the 00471 minimum time a user must have been 00472 suspended in order to justify a new 00473 server selection calculation. Unit is hours */ 00474 AuthenticationTimeout, /**< Time, in seconds, that the client waits 00475 for authentication to be completed.*/ 00476 SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly 00477 the end user to enable SafeWord SofToken integration. 00478 Options are Enabled (true) and Disabled (false - default). */ 00479 AllowIPsecOverSSL, /**< if 'true' then tunneling of IPSEC over SSL 00480 is made possible with help from the ASA. 00481 */ 00482 ClearSmartcardPin, /**< This preference controls whether the smartcard pin 00483 will be cleared on a successful connection*/ 00484 IPProtocolSupport, /**< This preference controls which protocol(s) will be 00485 allowed for the connection*/ 00486 CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal 00487 remediation and specifies whether the user is allowed to 00488 opt for an external browser for remediation, as opposed to 00489 the AnyConnect browser. */ 00490 AllowManualHostInput, /**< This preference specifies whether the user 00491 is allowed to type a new hostname in the VPN 00492 edit box. */ 00493 BlockUntrustedServers, /**< This preference specifies whether the user wants 00494 to allow for connections to secure gateways with 00495 certificate errors. */ 00496 PublicProxyServerAddress, /**< This preference specifies the public proxy server 00497 address to be used. This number is in the format 00498 ServerAddr:ServerPort (ex. 101.89.85.444:8080) 00499 or just the FQDN. */ 00500 CertificatePinning, /**< This preference specifies whether Certificate Pinning 00501 check should be performed during server certificate 00502 verification. */ 00503 UnknownPreference 00504 }; 00505 00506 00507 /** 00508 * Indicates the scope of the preferences contained in a PreferenceInfo object 00509 */ 00510 #if defined(__midl) 00511 [v1_enum] /*serialize as 32 bits*/ 00512 #endif 00513 enum PreferenceScope 00514 { 00515 User, /**< Indicates that the preferences were set by a user */ 00516 Global, /**< Indicates that the preferences are global */ 00517 UserAndGlobal /**< Indicates that we have both user and global preferences */ 00518 }; 00519 00520 /** 00521 * Indicates the client mode of operation. Unlike tunneling mode or other 00522 * mutually exclusive modes, client operating modes are independent settings, 00523 * several of which can be turned on simultaneously. 00524 */ 00525 #if defined(__midl) 00526 [v1_enum] /*serialize as 32 bits*/ 00527 #endif 00528 enum OperatingMode 00529 { 00530 FIPS = (1 << 0), /**< Indicates that the client is 00531 running in FIPS mode. */ 00532 StartBeforeLogon = (1 << 1), /**< Indicates that the client is 00533 running in Start Before Login 00534 mode. */ 00535 GUI = (1 << 2), /**< Indicates that the client is 00536 a GUI client. */ 00537 TrustedNetworkDetection = (1 << 3), /**< Indicates that a Trusted Network 00538 Detection policy is enabled for 00539 the client. */ 00540 AlwaysOnVpn = (1 << 4), /**< Indicates that the Always On 00541 policy is enabled for the client. */ 00542 NetworkIssue = (1 << 5), /**< For user notifications only. 00543 Indication by API to the UI that 00544 there is a network condition. */ 00545 Quarantined = (1 << 6), /**< Indicates that the VPN session is being 00546 Quarantined by the secure gateway. */ 00547 AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend 00548 is enabled. */ 00549 DisconnectAllowed = (1 << 8), /**< Indicates that the user is allowed 00550 to disconnect the VPN based on 00551 policy. */ 00552 VPNDisabled = (1 << 9), /**< Indicates that the VPN service is 00553 to be marked as disabled. */ 00554 SCEPMode = (1 << 10), /**< Indicates that the client is 00555 performing a SCEP cert enrollment. */ 00556 OnTrustedNetwork = (1 << 11), /**< Indicates that at last check, the 00557 client detected that it was on 00558 a trusted network. */ 00559 ManualHostInputAllowed = (1 << 12), /**< Indicates that the user is allowed 00560 to add a new host by typing its name 00561 in the VPN edit box. */ 00562 ErrorSuppressed = (1 << 13), /**< Indicates a connection error has 00563 been returned fronm the agent, but 00564 was suppressed to warning to 00565 prevent popup dialog in the UI. */ 00566 StrictMode = (1 << 14), /**< Indicates that the client is 00567 running in strict certificate trust mode. */ 00568 CLI = (1 << 15), /**< Indicates that the client is 00569 a CLI client. */ 00570 Management = (1 << 16) /**< Indicates that the client is strictly 00571 used for initiating a management tunnel. */ 00572 }; 00573 00574 /** 00575 * Indicates the last error seen by the API in this connection attempt. 00576 */ 00577 #if defined(__midl) 00578 [v1_enum] /*serialize as 32 bits*/ 00579 #endif 00580 enum VPNError 00581 { 00582 VPNSuccess = 0, /**< No error has occurred. */ 00583 VPNError_Generic_FatalError = 1, /**< An error of unknown type has 00584 occured */ 00585 00586 VPNError_Connection_Error = 100, /**< An unknown connection error has 00587 occured, such as bad hostname, bad 00588 group, etc. */ 00589 VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the 00590 server address */ 00591 00592 VPNError_Network_Error = 200, /**< An unknown network error has 00593 occured, such as DNS resolution 00594 error, unable to open socket, 00595 routing error, captive portal, 00596 etc. */ 00597 00598 VPNError_Authentication_Error = 300, /**< An unknown user authenication 00599 error has occured. */ 00600 00601 VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does 00602 not meet policy requirements (DAP). */ 00603 00604 VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client 00605 certificate error has 00606 occured. */ 00607 VPNError_ClientCertificate_Missing, /**< A client certificate is required 00608 but no client certificate has been 00609 found on the system. */ 00610 VPNError_ClientCertificate_Expired, /**< The client certificate has expired */ 00611 VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not 00612 yet valid. */ 00613 00614 VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has 00615 occured when validating 00616 the server certificate. */ 00617 VPNError_ServerCertificate_Expired, /**< The server certificate has 00618 expired. */ 00619 VPNError_ServerCertificate_NotYetValid /**< The server certificate is not 00620 yet valid. */ 00621 }; 00622 00623 enum CertAuthMode 00624 { 00625 CertAuth_Automatic, /**< Will try each available certificate in succession 00626 until authentication is obtained or we run out of 00627 available certificates */ 00628 CertAuth_Disabled, /**< Will disable Certificate Based Authentication */ 00629 CertAuth_Manual /**< Will only use preconfigured certificate to attempt 00630 Certificate Based Authentication */ 00631 }; 00632 00633 enum CertificateType 00634 { 00635 CertificateType_Client, 00636 CertificateType_SystemTrusted, 00637 CertificateType_Server 00638 }; 00639 00640 enum CertConfirmReason 00641 { 00642 CertConfirmReason_Unspecified, 00643 CertConfirmReason_NameMismatch, 00644 CertConfirmReason_Expired, 00645 CertConfirmReason_NotValidYet, 00646 CertConfirmReason_UntrustedSource, 00647 CertConfirmReason_InvalidUse, 00648 CertConfirmReason_Revoked, 00649 CertConfirmReason_Malformed, 00650 CertConfirmReason_NotFipsCompliant, 00651 CertConfirmReason_InvalidateDate, 00652 CertConfirmReason_SignatureAlgorithm, 00653 CertConfirmReason_KeySize 00654 }; 00655 00656 enum UserResponseError 00657 { 00658 UserResponseError_None, 00659 UserResponseError_Unspecified, 00660 UserResponseError_BadServerCert, 00661 UserResponseError_SsoNavigation, 00662 UserResponseError_SsoGettingCookie, 00663 UserResponseError_SsoTimeout, 00664 UserResponseError_SsoMissingDependency, 00665 UserResponseError_SsoClientCertRequest, 00666 UserResponseError_SsoAborted, 00667 }; 00668 00669 #if defined(__midl) 00670 [v1_enum] /*serialize as 32 bits*/ 00671 #endif 00672 enum ClientType 00673 { 00674 ClientType_GUI, 00675 ClientType_GUI_SBL, 00676 ClientType_CLI, 00677 ClientType_MGMT 00678 }; 00679 00680 #endif // _APISTDHEADER_