 |
AnyConnect Secure Mobility Client 4.10.07062
|
|
AnyConnect Secure Mobility Client 4.10.07062
|
00001 /************************************************************************** 00002 * Copyright (c) 2008, 2022-2023 Cisco Systems, Inc. 00003 * All Rights Reserved. Cisco Highly Confidential. 00004 *************************************************************************** 00005 * 00006 * File: api.h 00007 * Date: 01/2008 00008 * 00009 *************************************************************************** 00010 * VPN GUI API module interface types 00011 ***************************************************************************/ 00012 #ifndef _APISTDHEADER_ 00013 #define _APISTDHEADER_ 00014 00015 /** 00016 * @file 00017 * This file contains some basic compiler definitions as well as common enums. 00018 */ 00019 00020 //Not compatible with MIDL 00021 #if !defined(__midl) 00022 #ifdef _WIN32 00023 #pragma warning(disable:4251 4786) 00024 00025 #ifndef UNICODE 00026 #define UNICODE 00027 #endif // UNICODE 00028 00029 #ifndef _UNICODE 00030 #define _UNICODE 00031 #endif // _UNICODE 00032 00033 #ifndef tstring 00034 /** std::wstring */ 00035 #define tstring std::wstring /**< my wstring description */ 00036 #endif // tstring 00037 00038 #else // non-windows 00039 00040 #ifndef tstring 00041 #define tstring std::string 00042 #endif // tstring 00043 00044 #endif // _WIN32 00045 00046 #ifdef _UNICODE 00047 #define tostream std::wostream 00048 #else 00049 #define tostream std::ostream 00050 #endif /* UNICODE */ 00051 00052 00053 //used when including implementation files directly in an EXE. 00054 #ifdef _NOEXPORTDLL 00055 #define VPN_VPNAPI 00056 #else 00057 #ifdef _WIN32 00058 #ifdef VPN_APIEXPORTS //api 00059 #define VPN_VPNAPI __declspec(dllexport) 00060 #else 00061 #define VPN_VPNAPI __declspec(dllimport) 00062 #endif 00063 #else 00064 #ifdef VPN_APIEXPORTS 00065 #define VPN_VPNAPI __attribute__((visibility("default"))) 00066 #else 00067 #define VPN_VPNAPI 00068 #endif 00069 #endif //_WIN32 00070 #endif //NOEXPORTDLL 00071 00072 #ifndef OUT 00073 #define OUT 00074 #endif 00075 00076 #ifdef __cplusplus //only include if C++ is being used, 00077 //C code also includes api.h for COM proxy of enumerators. 00078 #include <string> 00079 #include <map> 00080 #include <list> 00081 00082 typedef std::map<tstring, tstring> ApiStringMap; 00083 typedef std::map<tstring, std::list<tstring> > ApiStringListMap; 00084 00085 #endif //__cplusplus 00086 #endif //#if !defined(__midl) 00087 00088 00089 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\ 00090 ********* make sure to add the [v1_enum] inside a __midl define to new enums ******** 00091 \******************** This is also compiled with IDL compiler **********************/ 00092 00093 #include "GlobalEnums.h" 00094 /** 00095 * MessageType 00096 * presents a level of severity associated with messages that are 00097 * sent to the API. The severity can be useful for deciding how a message is 00098 * to be shown. A UI might decide based on type to show a message as 00099 * a modal dialog versus a message written to the status area for an existing UI. 00100 */ 00101 #if defined(__midl) 00102 [v1_enum] /*serialize as 32 bits*/ 00103 #endif 00104 enum MessageType 00105 { 00106 MsgType_Error, /**< Issue usually requiring user to acknowledge */ 00107 MsgType_Alert, /**< Warning message that needs to be shown to user. */ 00108 MsgType_Warn, /**< Less severe, not required to be shown to user */ 00109 MsgType_Info, /**< General message providing status, progress, etc. */ 00110 MsgType_Status, /**< Can be used to indicate unexpected tunnel status change. */ 00111 MsgType_UrlError /**< Error message that provides additional information by opening browser. */ 00112 }; 00113 00114 00115 /** 00116 * Identifies the type of token that was used successfully when SDI 00117 * Authentication is in use. 00118 */ 00119 #if defined(__midl) 00120 [v1_enum] /*serialize as 32 bits*/ 00121 #endif 00122 enum SDITokenType 00123 { 00124 SDITT_NONE, 00125 SDITT_HARDWARE, 00126 SDITT_SOFTWARE 00127 }; 00128 00129 /** 00130 * Provides the current state of the VPN tunnel. 00131 */ 00132 #if defined(__midl) 00133 [v1_enum] /*serialize as 32 bits*/ 00134 #endif 00135 enum VPNState 00136 { 00137 CONNECTED = STATE_CONNECTED, /**< VPN is active */ 00138 DISCONNECTED = STATE_DISCONNECTED, /**< VPN is inactive */ 00139 CONNECTING = STATE_CONNECTING, /**< VPN is being established */ 00140 DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */ 00141 RECONNECTING = STATE_RECONNECTING, /**< VPN is being re-connected. This state 00142 can occur due to network or other 00143 temporary problems. The state 00144 indicates that the VPN is temporarily 00145 unavailable and indicates the 00146 connection is being re-established. */ 00147 PAUSING = STATE_PAUSING, /**< VPN is being paused. */ 00148 PAUSED = STATE_PAUSED, /**< VPN is paused. */ 00149 SSOPOLLING = STATE_SSOPOLLING, /**< API is doing auth-poll, VPN is disconnected. */ 00150 UNKNOWN = ~0 00151 }; 00152 00153 /** 00154 * Provides the current sub-state of the VPN tunnel. 00155 */ 00156 #if defined(__midl) 00157 [v1_enum] /*serialize as 32 bits*/ 00158 #endif 00159 enum VPNSubState 00160 { 00161 VPNSS_NORMAL = VCSS_NORMAL, 00162 VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY, 00163 VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING, 00164 VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED, 00165 VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW, 00166 VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE, 00167 VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED, 00168 VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED, 00169 VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG, 00170 VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING, 00171 VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING 00172 }; 00173 00174 /** 00175 * WMHint 00176 * provides a hint for the GUI to either minimize or un-minimize. 00177 */ 00178 #if defined(__midl) 00179 [v1_enum] /*serialize as 32 bits*/ 00180 #endif 00181 enum WMHint 00182 { 00183 MINIMIZE, /**< hint to minimize GUI */ 00184 OPEN, /**< hint to un-minimize GUI */ 00185 QUIT, /**< hint that GUI should close. @see WMHintReason */ 00186 REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */ 00187 REFRESHPREFS, /**< hint to refresh the preferences */ 00188 SHOWCONNECTING, /**< hint to display "connecting" status */ 00189 CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */ 00190 }; 00191 00192 00193 /** 00194 * WMHintReason 00195 * provides a reason indicator for the #WMHint 00196 */ 00197 #if defined(__midl) 00198 [v1_enum] /*serialize as 32 bits*/ 00199 #endif 00200 enum WMHintReason 00201 { 00202 SECONDGUISTART, /**< Indicates a second GUI has been launched. This 00203 indicator is used to suggest that the GUI 00204 already running be OPENed and that the first one 00205 should exit. */ 00206 PROXYREQUEST, /**< Proxy credential request can be for web-launch or 00207 standalone-initiated connections. */ 00208 SERVICEFAILURE, /**< This tag is used when the VPN service 00209 is no longer available. */ 00210 DISCONNECT, /**< Any disconnect notices should be seen by the user. */ 00211 SERVICESTOPPED, /**< This tag will be used in cases where the VPN service 00212 has been stopped. */ 00213 CONNECT, /**< Tag indicating an action to be taken due to connect, 00214 for example a request to minimize the UI. */ 00215 REASONUNKNOWN /**< */ 00216 }; 00217 00218 /** 00219 * provides an indication of the type of credential data being requested. 00220 */ 00221 #if defined(__midl) 00222 [v1_enum] /*serialize as 32 bits*/ 00223 #endif 00224 enum ConnectPromptType 00225 { 00226 CERTIFICATE, /**< Indicates a certificate-only type of connection and 00227 would not normally be sent to client unless a 00228 post-authentication banner is to be displayed. */ 00229 CREDENTIALS, /**< Indicates that the user is to be prompted for authentication 00230 credentials */ 00231 PROXY, /**< Indicates that the user is to be prompted for 00232 proxy-authentication credentials */ 00233 MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related 00234 to PKCS12 import*/ 00235 STATUS, /**< Indicates that status messages are to be displayed to 00236 the user*/ 00237 SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */ 00238 SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */ 00239 LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */ 00240 }; 00241 00242 00243 /** 00244 * Indicates the prompt or credential type. 00245 */ 00246 #if defined(__midl) 00247 [v1_enum] /*serialize as 32 bits*/ 00248 #endif 00249 enum PromptType { Prompt_Input, /**< label and value. */ 00250 Prompt_Password, /**< label and value, indicates user 00251 response should be masked. */ 00252 Prompt_Banner, /**< value (the banner) with no label set. */ 00253 Prompt_Combo, /**< list with choices options. */ 00254 Prompt_Header, /**< label intended as header and with 00255 value. */ 00256 Prompt_Hidden, /**< hidden value, should be ignored and 00257 left unchanged in response. */ 00258 Prompt_CheckBox, /**< label and value (contrained to true or false) */ 00259 Prompt_SSO /**< single sign-on authentication token prompt */ 00260 }; 00261 00262 #if defined(__midl) 00263 [v1_enum] /*serialize as 32 bits*/ 00264 #endif 00265 00266 /* 00267 * ***************** !!! ATTENTION !!! *********************************** 00268 * * 00269 * * When updating this preference enum, you must ensure that the enum in 00270 * * vpn/Api/jni/java/Preference.java is also updated. 00271 * * 00272 * ***************** !!! ATTENTION !!! *********************************** 00273 */ 00274 enum PreferenceId 00275 { 00276 ServiceDisable, /**< This preference disable the VPN service. 00277 If more than one profile exists and any one 00278 profile has VPN enabled, then it will be 00279 enabled. False is the default. */ 00280 CertificateStoreOverride,/**< This preference will trigger an alternate 00281 authentication sequence in the API. The 00282 preference is only settable by an 00283 administrator. */ 00284 CertificateStore, /**< This preference indicates which Windows certificate 00285 store AnyConnect should look in for client certificates. 00286 The options are All, Machine and User with a default of All. 00287 The preference is only settable by an administrator. */ 00288 CertificateStoreMac, /**< This preference indicates which macOS keychain 00289 AnyConnect should look in for client certificates. 00290 The options are All, System and Login with a default of All. 00291 The preference is only settable by an administrator. */ 00292 CertificateStoreLinux, /**< This preference indicates which Linux certificate 00293 store AnyConnect should look in for client certificates. 00294 The options are All, Machine and User with a default of All. 00295 The preference is only settable by an administrator. */ 00296 ShowPreConnectMessage, /**< The ShowPreConnectMessage preference gives the 00297 administrator the ability to display an AnyConnect 00298 startup banner message. The message will appear 00299 only once per AnyConnect program start. The 00300 preference is only settable by an 00301 administrator. */ 00302 AutoConnectOnStart, /**< This preference allows the user to select 00303 whether to establish a connection automatically 00304 on startup or not. */ 00305 MinimizeOnConnect, /**< This preference allows the user to select if 00306 the GUI should minimize when the connection is 00307 established */ 00308 LocalLanAccess, /**< This preference will provide a mechanism where 00309 the user can disable access to their Local LAN. */ 00310 DisableCaptivePortalDetection, /**<This preference will provide a mechanism where 00311 the user can disable captive portal detection.*/ 00312 AutoReconnect, /**< First control of the reconnect behavior. If the 00313 client becomes disconnected for any reason, a 00314 reconnect attempt is made. */ 00315 AutoReconnectBehavior, /**< Second control of the reconnect behavior. When 00316 coming out of suspend/hibernate/standby mode. 00317 Options are disconnect on suspend and reconnect 00318 after suspend. */ 00319 SuspendOnConnectedStandby, /**< This setting allows to control whether the VPN tunnel 00320 is suspended when the system enters the Connected Standby 00321 mode. It applies only to Windows 8 and above. */ 00322 UseStartBeforeLogon, /**< This preference allows an administrator to 00323 control the use of the Start Before Logon 00324 feature. The preference can be set to true (on) 00325 or false (off). */ 00326 AutoUpdate, /**< Once the Downloader has loaded the profile, it 00327 can check the AutoUpdate preference to see if 00328 updates are either disabled or enabled */ 00329 RSASecurIDIntegration, /**< This preference will enable the administrator 00330 and possibly end user to select the preferred 00331 method of managing their SDI PIN and PASSCODE 00332 interactions. Options are Automatic (default), 00333 SoftwareTokens and HardwareTokens. */ 00334 WindowsLogonEnforcement,/**< This preference allows an administrator to 00335 control if more than one user may be logged into 00336 the client PC during the VPN connection (Windows 00337 only). */ 00338 WindowsVPNEstablishment,/**< This preference allows an administrator to 00339 control whether or not remote users may initiate 00340 a VPN connection (Windows only). */ 00341 LinuxLogonEnforcement, /**< This preference allows an administrator to 00342 control if more than one user may be logged into 00343 the client PC during the VPN connection (Linux 00344 only). */ 00345 LinuxVPNEstablishment, /**< This preference allows an administrator to 00346 control whether or not remote users may initiate 00347 a VPN connection (Linux only). */ 00348 ProxySettings, /**< This preference allows an administrator to 00349 control how user's proxy setups are handled.*/ 00350 AllowLocalProxyConnections, /**< This preference allows the administrator to control 00351 whether to allow establishing a connection through 00352 a local proxy. */ 00353 PPPExclusion, /**< This preference allows an administrator to control 00354 the policy used to exclude routes to 00355 PPP servers when connecting over L2TP or PPTP. 00356 Options are Automatic (default), Disable, 00357 and Override. */ 00358 PPPExclusionServerIP, /**< When PPPExclusion is set to Manual, 00359 the value of this preference allows an 00360 end user to specify the address of a 00361 PPP server that should be excluded 00362 from tunnel traffic. */ 00363 AutomaticVPNPolicy, /**< This preference allows an administrator to 00364 define a policy to automatically manage when a 00365 VPN connection should be started or stopped. */ 00366 TrustedNetworkPolicy, /**< This preference allows an administrator to 00367 define a policy for users in trusted networks. 00368 The options are: Disconnect or DoNothing. */ 00369 UntrustedNetworkPolicy, /**< This preference allows an administrator to 00370 define a policy for users in untrusted networks. 00371 The options are: Connect or DoNothing. */ 00372 BypassConnectUponSessionTimeout, /**< This preference allows an administrator 00373 the ability to instruct the client to bypass the 00374 automatic connection retry after a VPN session timeout. */ 00375 TrustedDNSDomains, /**< This preference defines a list of comma 00376 separated DNS suffixes that a network interface 00377 in a trusted network might have. */ 00378 TrustedDNSServers, /**< This preference defines a list of comma 00379 separated DNS servers that a network interface 00380 in a trusted network might have. */ 00381 TrustedHttpsServerList, /**< This preference defines a list of comma separated 00382 https servers reachable only via a trusted network.*/ 00383 AlwaysOn, /**< This preference governs VPN reestablishment after 00384 interruptions */ 00385 ConnectFailurePolicy, /**< This preference gives the network administrator 00386 the ability to dictate the network access allowed 00387 by the client endpoint device following a VPN 00388 connection establishment failure. It is a component 00389 of AlwaysOn */ 00390 AllowCaptivePortalRemediation, /**< This preference gives the network administrator 00391 the ability to dictate the network access 00392 allowed by the client endpoint device following 00393 a VPN connection establishment failure it is a 00394 component of AlwaysOn */ 00395 CaptivePortalRemediationTimeout, /**< This preference allows the network administrator 00396 the ability to impose a time limit for captive portal 00397 remediation when the ConnectFailurePolicy value is Closed 00398 It is a component of AlwaysOn */ 00399 ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator 00400 the ability to allow split routes and firewall rules 00401 to be applied following a VPN connection establishment 00402 failure when the ConnectFailurePolicy value is Closed 00403 It is a component of AlwaysOn */ 00404 AllowVPNDisconnect, /**< During Always On, this specifies that the user is allowed to 00405 disconnect the VPN session. */ 00406 AllowedHosts, /**< During Always On, user has access to the specified hosts 00407 when VPN is disconnected. */ 00408 EnableScripting, /**< This preference allows an administrator to 00409 enable scripting (on connect or on 00410 disconnect). */ 00411 TerminateScriptOnNextEvent, /**< This preference dictates whether or not 00412 AnyConnect will terminate a running script 00413 process if a transition to another 00414 scriptable event occurs. */ 00415 EnablePostSBLOnConnectScript, /**< This preference is used to control whether 00416 or not the OnConnect script will be launched 00417 from the desktop GUI when a tunnel has been 00418 established via SBL. */ 00419 AutomaticCertSelection, /**< This preference dictates whether or not to disable 00420 the default automatic certificate selection for user 00421 certificates. If disabled, a certificate selection dialog is 00422 displayed. This only applies if the GUI is enabled 00423 and not SBL. This only applies to Windows (not WinMobile). */ 00424 RetainVpnOnLogoff, /**< First control of the logoff behavior. This preference allows 00425 an administrator to control if the VPN is terminated or retained 00426 after user logs off.*/ 00427 UserEnforcement, /**< Second control of the logoff behavior. When the VPN connection has 00428 been retained after user logged off. Controls what user can log in 00429 and keep the VPN connection. Options are same user only and any user. */ 00430 DeviceLockRequired, /**< This preference indicates whether or not 00431 a Windows Mobile device must be configured 00432 with a password or PIN prior to establishing 00433 a VPN connection. This configuration is 00434 only valid on Windows Mobile devices that 00435 use the Microsoft Default Local 00436 Authentication Provider (LAP). */ 00437 DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number, 00438 this preference specifies the maximum 00439 number of minutes a device can be 00440 inactive before device lock takes 00441 into effect. (WM5/WM5AKU2+) */ 00442 DeviceLockMinimumPasswordLength, /**< When set to a non-negative number, 00443 this preference specifies that any 00444 PIN/password used for device lock 00445 must be equal to or longer than 00446 the specified value, in characters. 00447 This setting must be pushed down to 00448 the mobile device by syncing with 00449 an Exchange server before it can be 00450 enforced. (WM5AKU2+) */ 00451 DeviceLockPasswordComplexity, /**< This preference checks whether or 00452 not the password belongs to one of 00453 three subtypes: alpha, pin, strong */ 00454 EnableAutomaticServerSelection, /**< Automatic server selection will 00455 automatically select the optimal 00456 secure gateway for the endpoint */ 00457 AutoServerSelectionImprovement, /**< During a reconnection attempt after 00458 a system resume, this setting 00459 specifies the minimum estimated 00460 performance improvement required to 00461 justify transitioning a user to a new server 00462 This value represents percentage in 0..100 */ 00463 AutoServerSelectionSuspendTime, /**< During a reconnection attempt after 00464 a system resume, this specifies the 00465 minimum time a user must have been 00466 suspended in order to justify a new 00467 server selection calculation. Unit is hours */ 00468 AuthenticationTimeout, /**< Time, in seconds, that the client waits 00469 for authentication to be completed.*/ 00470 SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly 00471 the end user to enable SafeWord SofToken integration. 00472 Options are Enabled (true) and Disabled (false - default). */ 00473 AllowIPsecOverSSL, /**< if 'true' then tunneling of IPSEC over SSL 00474 is made possible with help from the ASA. 00475 */ 00476 ClearSmartcardPin, /**< This preference controls whether the smartcard pin 00477 will be cleared on a successful connection*/ 00478 IPProtocolSupport, /**< This preference controls which protocol(s) will be 00479 allowed for the connection*/ 00480 CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal 00481 remediation and specifies whether the user is allowed to 00482 opt for an external browser for remediation, as opposed to 00483 the AnyConnect browser. */ 00484 AllowManualHostInput, /**< This preference specifies whether the user 00485 is allowed to type a new hostname in the VPN 00486 edit box. */ 00487 BlockUntrustedServers, /**< This preference specifies whether the user wants 00488 to allow for connections to secure gateways with 00489 certificate errors. */ 00490 PublicProxyServerAddress, /**< This preference specifies the public proxy server 00491 address to be used. This number is in the format 00492 ServerAddr:ServerPort (ex. 101.89.85.444:8080) 00493 or just the FQDN. */ 00494 CertificatePinning, /**< This preference specifies whether Certificate Pinning 00495 check should be performed during server certificate 00496 verification. */ 00497 UnknownPreference 00498 }; 00499 00500 00501 /** 00502 * Indicates the scope of the preferences contained in a PreferenceInfo object 00503 */ 00504 #if defined(__midl) 00505 [v1_enum] /*serialize as 32 bits*/ 00506 #endif 00507 enum PreferenceScope 00508 { 00509 User, /**< Indicates that the preferences were set by a user */ 00510 Global, /**< Indicates that the preferences are global */ 00511 UserAndGlobal /**< Indicates that we have both user and global preferences */ 00512 }; 00513 00514 /** 00515 * Indicates the client mode of operation. Unlike tunneling mode or other 00516 * mutually exclusive modes, client operating modes are independent settings, 00517 * several of which can be turned on simultaneously. 00518 */ 00519 #if defined(__midl) 00520 [v1_enum] /*serialize as 32 bits*/ 00521 #endif 00522 enum OperatingMode 00523 { 00524 FIPS = (1 << 0), /**< Indicates that the client is 00525 running in FIPS mode. */ 00526 StartBeforeLogon = (1 << 1), /**< Indicates that the client is 00527 running in Start Before Login 00528 mode. */ 00529 GUI = (1 << 2), /**< Indicates that the client is 00530 a GUI client. */ 00531 TrustedNetworkDetection = (1 << 3), /**< Indicates that a Trusted Network 00532 Detection policy is enabled for 00533 the client. */ 00534 AlwaysOnVpn = (1 << 4), /**< Indicates that the Always On 00535 policy is enabled for the client. */ 00536 NetworkIssue = (1 << 5), /**< For user notifications only. 00537 Indication by API to the UI that 00538 there is a network condition. */ 00539 Quarantined = (1 << 6), /**< Indicates that the VPN session is being 00540 Quarantined by the secure gateway. */ 00541 AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend 00542 is enabled. */ 00543 DisconnectAllowed = (1 << 8), /**< Indicates that the user is allowed 00544 to disconnect the VPN based on 00545 policy. */ 00546 VPNDisabled = (1 << 9), /**< Indicates that the VPN service is 00547 to be marked as disabled. */ 00548 SCEPMode = (1 << 10), /**< Indicates that the client is 00549 performing a SCEP cert enrollment. */ 00550 OnTrustedNetwork = (1 << 11), /**< Indicates that at last check, the 00551 client detected that it was on 00552 a trusted network. */ 00553 ManualHostInputAllowed = (1 << 12), /**< Indicates that the user is allowed 00554 to add a new host by typing its name 00555 in the VPN edit box. */ 00556 ErrorSuppressed = (1 << 13), /**< Indicates a connection error has 00557 been returned fronm the agent, but 00558 was suppressed to warning to 00559 prevent popup dialog in the UI. */ 00560 StrictMode = (1 << 14), /**< Indicates that the client is 00561 running in strict certificate trust mode. */ 00562 CLI = (1 << 15), /**< Indicates that the client is 00563 a CLI client. */ 00564 Management = (1 << 16) /**< Indicates that the client is strictly 00565 used for initiating a management tunnel. */ 00566 }; 00567 00568 /** 00569 * Indicates the last error seen by the API in this connection attempt. 00570 */ 00571 #if defined(__midl) 00572 [v1_enum] /*serialize as 32 bits*/ 00573 #endif 00574 enum VPNError 00575 { 00576 VPNSuccess = 0, /**< No error has occurred. */ 00577 VPNError_Generic_FatalError = 1, /**< An error of unknown type has 00578 occured */ 00579 00580 VPNError_Connection_Error = 100, /**< An unknown connection error has 00581 occured, such as bad hostname, bad 00582 group, etc. */ 00583 VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the 00584 server address */ 00585 00586 VPNError_Network_Error = 200, /**< An unknown network error has 00587 occured, such as DNS resolution 00588 error, unable to open socket, 00589 routing error, captive portal, 00590 etc. */ 00591 00592 VPNError_Authentication_Error = 300, /**< An unknown user authenication 00593 error has occured. */ 00594 00595 VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does 00596 not meet policy requirements (DAP). */ 00597 00598 VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client 00599 certificate error has 00600 occured. */ 00601 VPNError_ClientCertificate_Missing, /**< A client certificate is required 00602 but no client certificate has been 00603 found on the system. */ 00604 VPNError_ClientCertificate_Expired, /**< The client certificate has expired */ 00605 VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not 00606 yet valid. */ 00607 00608 VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has 00609 occured when validating 00610 the server certificate. */ 00611 VPNError_ServerCertificate_Expired, /**< The server certificate has 00612 expired. */ 00613 VPNError_ServerCertificate_NotYetValid /**< The server certificate is not 00614 yet valid. */ 00615 }; 00616 00617 enum CertAuthMode 00618 { 00619 CertAuth_Automatic, /**< Will try each available certificate in succession 00620 until authentication is obtained or we run out of 00621 available certificates */ 00622 CertAuth_Disabled, /**< Will disable Certificate Based Authentication */ 00623 CertAuth_Manual /**< Will only use preconfigured certificate to attempt 00624 Certificate Based Authentication */ 00625 }; 00626 00627 enum CertificateType 00628 { 00629 CertificateType_Client, 00630 CertificateType_SystemTrusted, 00631 CertificateType_Server 00632 }; 00633 00634 enum CertConfirmReason 00635 { 00636 CertConfirmReason_Unspecified, 00637 CertConfirmReason_NameMismatch, 00638 CertConfirmReason_Expired, 00639 CertConfirmReason_NotValidYet, 00640 CertConfirmReason_UntrustedSource, 00641 CertConfirmReason_InvalidUse, 00642 CertConfirmReason_Revoked, 00643 CertConfirmReason_Malformed, 00644 CertConfirmReason_NotFipsCompliant, 00645 CertConfirmReason_InvalidateDate, 00646 CertConfirmReason_SignatureAlgorithm, 00647 CertConfirmReason_KeySize 00648 }; 00649 00650 enum UserResponseError 00651 { 00652 UserResponseError_None, 00653 UserResponseError_Unspecified, 00654 UserResponseError_BadServerCert, 00655 UserResponseError_SsoNavigation, 00656 UserResponseError_SsoGettingCookie, 00657 UserResponseError_SsoTimeout, 00658 UserResponseError_SsoMissingDependency, 00659 UserResponseError_SsoClientCertRequest, 00660 UserResponseError_SsoAborted, 00661 }; 00662 00663 #if defined(__midl) 00664 [v1_enum] /*serialize as 32 bits*/ 00665 #endif 00666 enum ClientType 00667 { 00668 ClientType_GUI, 00669 ClientType_GUI_SBL, 00670 ClientType_CLI, 00671 ClientType_MGMT 00672 }; 00673 00674 #endif // _APISTDHEADER_