AnyConnect Secure Mobility Client  4.0.00061
include/api.h
00001 #ifndef _APISTDHEADER_
00002 #define _APISTDHEADER_
00003 
00004 /**
00005  * @file
00006  * This file contains some basic compiler definitions as well as common enums.
00007  */
00008 
00009 // Everything down to the matching "#endif //#if !defined(__midl)" is hidden from the MIDL compiler.
00010 #if !defined(__midl)
00011 #ifdef _WIN32
00012     #pragma warning(disable:4251 4786)
00013     // NOTE(review): C4251 (dll-interface) and C4786 (truncated identifier) are disabled with no warning(push)/warning(pop) visible here, so the setting carries over into code that includes this header.
00014     #ifndef UNICODE
00015         #define UNICODE
00016     #endif // UNICODE
00017     // Together with the block above, this forces the wide-character configuration on every Windows includer.
00018     #ifndef _UNICODE
00019         #define _UNICODE
00020     #endif // _UNICODE
00021 
00022     #ifndef tstring
00023 /** API string type: on Windows tstring expands to std::wstring. */
00024         #define tstring std::wstring    /**< wide strings on Windows */
00025     #endif // tstring
00026 
00027 #else // non-windows
00028 
00029     #ifndef tstring
00030         #define tstring std::string     /**< narrow strings on every other platform */
00031     #endif // tstring
00032 
00033 #endif // _WIN32
00034 // tostream is keyed on _UNICODE while tstring is keyed on _WIN32. NOTE(review): a non-Windows build that defines _UNICODE would pair std::string with std::wostream - confirm that cannot happen.
00035 #ifdef _UNICODE
00036     #define tostream std::wostream
00037 #else
00038     #define tostream std::ostream
00039 #endif /* _UNICODE */
00040 
00041 
00042 // _NOEXPORTDLL is used when including implementation files directly in an EXE; VPN_VPNAPI then expands to nothing.
00043 #ifdef _NOEXPORTDLL
00044     #define VPN_VPNAPI
00045 #else
00046     #ifdef VPN_APIEXPORTS // presumably defined only while building the API library itself - confirm
00047         #define VPN_VPNAPI __declspec(dllexport)
00048     #else
00049         #define VPN_VPNAPI __declspec(dllimport)
00050     #endif
00051 #endif
00052 // NOTE(review): the __declspec branches above sit outside the _WIN32 conditional, so non-Windows builds presumably define _NOEXPORTDLL or map __declspec elsewhere - confirm.
00053 #ifndef OUT // OUT expands to nothing; presumably a marker for output parameters in API signatures - confirm
00054 #define OUT
00055 #endif
00056 
00057 #ifdef __cplusplus //only include if C++ is being used, 
00058                    //C code also includes api.h for COM proxy of enumerators.
00059 #include <string>
00060 #include <map>
00061 
00062 typedef std::map<tstring, tstring> ApiStringMap; /**< string-to-string map; the element type follows tstring, so it is wstring-based on Windows and string-based elsewhere */
00063 
00064 #endif //__cplusplus
00065 #endif //#if !defined(__midl)
00066 
00067 
00068 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00069 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00070 \******************** This is also compiled with IDL compiler **********************/
00071 
00072 #include "GlobalEnums.h"
00073 /**
00074  * MessageType
00075  * represents the level of severity associated with messages that are
00076  * sent to the API.  The severity can be useful for deciding how a message is
00077  * to be shown.  A UI might decide, based on the type, to show a message as
00078  * a modal dialog versus a message written to the status area for an existing UI.
00079  * Enumerators carry no explicit values, so they number 0..3 in declaration order.
00080  */
00080 #if defined(__midl)
00081 [v1_enum] /*serialize as 32 bits*/
00082 #endif
00083 enum MessageType
00084 {
00085     MsgType_Error,      /**< Issue that usually requires the user to acknowledge it */
00086     MsgType_Warn,       /**< Less severe, not required to be shown to the user */
00087     MsgType_Info,       /**< General message providing status, progress, etc. */
00088     MsgType_Status      /**< Can be used to indicate an unexpected tunnel status change. */
00089 };
00090 
00091 
00092 /**
00093  * Identifies the type of token that was used successfully when SDI
00094  * Authentication is in use.  Values are implicit (0..2 in declaration order).
00095  */
00096 #if defined(__midl)
00097 [v1_enum] /*serialize as 32 bits*/
00098 #endif
00099 enum SDITokenType 
00100 { 
00101     SDITT_NONE,      /**< presumably: no token type has been identified - confirm */
00102     SDITT_HARDWARE,  /**< a hardware token was used */
00103     SDITT_SOFTWARE   /**< a software token was used */
00104 };
00105 
00106 /**
00107  * Provides the current state of the VPN tunnel.  Each value aliases a STATE_* constant that is not defined in this file (presumably GlobalEnums.h, included above - confirm).
00108  */
00109 #if defined(__midl)
00110 [v1_enum] /*serialize as 32 bits*/
00111 #endif
00112 enum VPNState
00113 {
00114     CONNECTED     = STATE_CONNECTED,        /**< VPN is active */
00115     DISCONNECTED  = STATE_DISCONNECTED,     /**< VPN is inactive */
00116     CONNECTING    = STATE_CONNECTING,       /**< VPN is being established */
00117     DISCONNECTING = STATE_DISCONNECTING,    /**< VPN is being terminated */
00118     RECONNECTING  = STATE_RECONNECTING,     /**< VPN is being re-connected.  This state 
00119                                                  can occur due to network or other
00120                                                  temporary problems.  The state
00121                                                  indicates that the VPN is temporarily
00122                                                  unavailable and that the
00123                                                  connection is being re-established. */
00124     PAUSING       = STATE_PAUSING,          /**< VPN is being paused. */
00125     PAUSED        = STATE_PAUSED,           /**< VPN is paused. */
00126     UNKNOWN       = ~0                      /**< State is not known; ~0 sets every bit of the value. NOTE(review): code that gates access on tunnel state should handle this (and any unlisted value) as "not connected" - confirm intended handling. */
00127 };
00128 
00129 /**
00130  * Provides the current sub-state of the VPN tunnel.  Both values alias VCSS_* constants that are not defined in this file (presumably GlobalEnums.h - confirm).
00131  */
00132 #if defined(__midl)
00133 [v1_enum] /*serialize as 32 bits*/
00134 #endif
00135 enum VPNSubState
00136 {
00137     VPNSS_NORMAL           = VCSS_NORMAL,           /**< presumably: no special condition applies - confirm */
00138     VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY  /**< presumably: the tunnel is delayed for an unbounded time - confirm */
00139 };
00140 
00141 /**
00142  * WMHint
00143  * provides a hint for the GUI, for example to minimize or un-minimize.  Values are implicit (0..5 in declaration order).
00144  */
00145 #if defined(__midl)
00146 [v1_enum] /*serialize as 32 bits*/
00147 #endif
00148 enum WMHint
00149 {
00150     MINIMIZE,       /**< hint to minimize GUI */
00151     OPEN,           /**< hint to un-minimize GUI */
00152     QUIT,           /**< hint that GUI should close.  @see WMHintReason */
00153     REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
00154     REFRESHPREFS,   /**< hint to refresh the preferences */
00155     SHOWCONNECTING  /**< hint to display "connecting" status */
00156 };
00157 
00158 
00159 /**
00160  * WMHintReason
00161  * provides a reason indicator for the #WMHint.  Values are implicit (0..6 in declaration order).
00162  */
00163 #if defined(__midl)
00164 [v1_enum] /*serialize as 32 bits*/
00165 #endif
00166 enum WMHintReason
00167 {
00168     SECONDGUISTART, /**< Indicates a second GUI has been launched.  This
00169                          indicator is used to suggest that the GUI
00170                          already running be OPENed and that the first one
00171                          should exit. */
00172     PROXYREQUEST,   /**< Proxy credential request; it can be for web-launch or
00173                          standalone-initiated connections. */
00174     SERVICEFAILURE, /**< This tag is used when the VPN service
00175                          is no longer available. */
00176     DISCONNECT,     /**< Any disconnect notices should be seen by the user. */
00177     SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
00178                          has been stopped. */
00179     CONNECT,        /**< Tag indicating an action to be taken due to connect,
00180                          for example a request to minimize the UI. */
00181     REASONUNKNOWN   /**< presumably: no specific reason accompanies the hint - confirm */
00182 };
00183 
00184 /**
00185  * Provides an indication of the type of credential data being requested.  Values are implicit (0..3 in declaration order).
00186  */
00187 #if defined(__midl)
00188 [v1_enum] /*serialize as 32 bits*/
00189 #endif
00190 enum ConnectPromptType
00191 {
00192     CERTIFICATE,    /**< Indicates a certificate-only type of connection and
00193                          would not normally be sent to the client unless a
00194                          post-authentication banner is to be displayed. */
00195     CREDENTIALS,    /**< Indicates that the user is to be prompted for authentication
00196                          credentials. */
00197     PROXY,          /**< Indicates that the user is to be prompted for
00198                          proxy-authentication credentials. */
00199     STATUS          /**< Indicates that status messages are to be displayed to
00200                          the user. */
00201 };
00202 
00203 
00204 /**
00205  * Indicates the prompt or credential type.  Values are implicit (0..6 in declaration order).
00206  */
00207 #if defined(__midl)
00208 [v1_enum] /*serialize as 32 bits*/
00209 #endif
00210 enum PromptType { Prompt_Input,     /**< label and value. */
00211                   Prompt_Password,  /**< label and value, indicates that the user
00212                                          response should be masked. */
00213                   Prompt_Banner,    /**< value (the banner) with no label set. */
00214                   Prompt_Combo,     /**< list of options to choose from. */
00215                   Prompt_Header,    /**< label intended as a header, with a
00216                                          value. */
00217                   Prompt_Hidden,    /**< hidden value, should be ignored and
00218                                          left unchanged in the response. */
00219                   Prompt_CheckBox   /**< label and value (constrained to true or false) */
00220 };
00221 
00222 #if defined(__midl)
00223 [v1_enum] /*serialize as 32 bits*/
00224 #endif
00225 /* PreferenceId: one enumerator per client preference.  The [v1_enum] attribute above applies to this enum; only comments separate the two. */
00226 /* 
00227  * ***************** !!! ATTENTION !!! ***********************************
00228  * *
00229  * * When updating this preference enum, you must ensure that the enum in
00230  * * vpn/Api/jni/java/Preference.java is also updated.
00231  * * Enumerators have no explicit values, so inserting or removing one renumbers every enumerator after it.
00232  * ***************** !!! ATTENTION !!! ***********************************
00233  */
00234 enum PreferenceId 
00235 {
00236     ServiceDisable,             /**< This preference disables the VPN service.  
00237                                  If more than one profile exists and any one
00238                                  profile has VPN enabled, then it will be
00239                                  enabled.  False is the default. */
00240     CertificateStoreOverride,/**< This preference will trigger an alternate 
00241                                  authentication sequence in the API. The 
00242                                  preference is only settable by an 
00243                                  administrator. */
00244     CertificateStore,       /**< This preference indicates which certificate 
00245                                  store AnyConnect should look in for    
00246                                  certificates. The options are All, Machine 
00247                                  and User with a default of All. The preference 
00248                                  is only settable by an administrator. */
00249     ShowPreConnectMessage,  /**< The ShowPreConnectMessage preference gives the
00250                                  administrator the ability to display an AnyConnect 
00251                                  startup banner message. The message will appear 
00252                                  only once per AnyConnect program start. The  
00253                                  preference is only settable by an 
00254                                  administrator. */
00255     AutoConnectOnStart,     /**< This preference allows the user to select 
00256                                  whether to establish a connection automatically
00257                                  on startup or not. */
00258     MinimizeOnConnect,      /**< This preference allows the user to select whether
00259                                  the GUI should minimize when the connection is
00260                                  established. */
00261     LocalLanAccess,         /**< This preference will provide a mechanism where 
00262                                  the user can disable access to their Local LAN. */
00263     AutoReconnect,          /**< First control of the reconnect behavior. If the 
00264                                  client becomes disconnected for any reason, a 
00265                                  reconnect attempt is made.   */
00266     AutoReconnectBehavior,  /**< Second control of the reconnect behavior: what to do
00267                                  when coming out of suspend/hibernate/standby mode. 
00268                                  Options are disconnect on suspend and reconnect 
00269                                  after suspend. */
00270     UseStartBeforeLogon,    /**< This preference allows an administrator to 
00271                                  control the use of the Start Before Logon 
00272                                  feature. The preference can be set to true (on) 
00273                                  or false (off). */
00274     AutoUpdate,             /**< Once the Downloader has loaded the profile, it 
00275                                  can check the AutoUpdate preference to see if 
00276                                  updates are either disabled or enabled. */
00277     RSASecurIDIntegration,  /**< This preference will enable the administrator 
00278                                  and possibly end user to select the preferred 
00279                                  method of managing their SDI PIN and PASSCODE 
00280                                  interactions. Options are Automatic (default), 
00281                                  SoftwareTokens and HardwareTokens. */
00282     WindowsLogonEnforcement,/**< This preference allows an administrator to
00283                                  control if more than one user may be logged into
00284                                  the client PC during the VPN connection (Windows
00285                                  only). */
00286     WindowsVPNEstablishment,/**< This preference allows an administrator to
00287                                  control whether or not remote users may initiate
00288                                  a VPN connection (Windows only). */
00289     ProxySettings,          /**< This preference allows an administrator to
00290                                  control how a user's proxy setups are handled.*/
00291     AllowLocalProxyConnections, /**< This preference allows the administrator to control
00292                                  whether to allow establishing a connection through
00293                                  a local proxy. */
00294     PPPExclusion,           /**< This preference allows an administrator to control
00295                                  the policy used to exclude routes to
00296                                  PPP servers when connecting over L2TP or PPTP.
00297                                  Options are Automatic (default), Disable,
00298                                  and Override. */
00299     PPPExclusionServerIP,   /**< When PPPExclusion is set to Manual,
00300                                  the value of this preference allows an
00301                                  end user to specify the address of a
00302                                  PPP server that should be excluded
00303                                  from tunnel traffic. NOTE(review): "Manual" is not among the PPPExclusion options listed above (Automatic, Disable, Override) - confirm which value is meant. */
00304     AutomaticVPNPolicy,     /**< This preference allows an administrator to 
00305                                  define a policy to automatically manage when a 
00306                                  VPN connection should be started or stopped. */
00307     TrustedNetworkPolicy,   /**< This preference allows an administrator to 
00308                                  define a policy for users in trusted networks.
00309                                  The options are: Disconnect or DoNothing. */
00310     UntrustedNetworkPolicy, /**< This preference allows an administrator to 
00311                                  define a policy for users in untrusted networks.
00312                                  The options are: Connect or DoNothing. */
00313     TrustedDNSDomains,      /**< This preference defines a list of comma 
00314                                  separated DNS suffixes that a network interface
00315                                  in a trusted network might have. */
00316     TrustedDNSServers,      /**< This preference defines a list of comma 
00317                                  separated DNS servers that a network interface
00318                                  in a trusted network might have. */
00319     AlwaysOn,               /**< This preference governs VPN reestablishment after
00320                                  interruptions. */
00321     ConnectFailurePolicy,   /**< This preference gives the network administrator 
00322                                  the ability to dictate the network access allowed
00323                                  by the client endpoint device following a VPN
00324                                  connection establishment failure. It is a component
00325                                  of AlwaysOn. */
00326     AllowCaptivePortalRemediation, /**< This preference gives the network administrator
00327                                     the ability to dictate the network access 
00328                                     allowed by the client endpoint device following
00329                                     a VPN connection establishment failure. It is a
00330                                     component of AlwaysOn. NOTE(review): this text repeats the ConnectFailurePolicy description and never mentions captive portals - confirm the intended wording. */
00331     CaptivePortalRemediationTimeout, /**< This preference gives the network administrator
00332                                      the ability to impose a time limit for captive portal 
00333                                      remediation when the ConnectFailurePolicy value is Closed.
00334                                      It is a component of AlwaysOn. */
00335     ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator 
00336                                        the ability to allow split routes and firewall rules 
00337                                        to be applied following a VPN connection establishment
00338                                        failure when the ConnectFailurePolicy value is Closed.
00339                                        It is a component of AlwaysOn. */
00340     AllowVPNDisconnect,     /**< During Always On, this specifies that the user is allowed to
00341                                  disconnect the VPN session. */
00342     EnableScripting,        /**< This preference allows an administrator to 
00343                                  enable scripting (on connect or on
00344                                  disconnect). */
00345     TerminateScriptOnNextEvent,   /**< This preference dictates whether or not
00346                                        AnyConnect will terminate a running script
00347                                        process if a transition to another
00348                                        scriptable event occurs. */
00349     EnablePostSBLOnConnectScript, /**< This preference is used to control whether
00350                                        or not the OnConnect script will be launched
00351                                        from the desktop GUI when a tunnel has been
00352                                        established via SBL. */
00353     AutomaticCertSelection,   /**< This preference dictates whether or not to disable
00354                                    the default automatic certificate selection for user
00355                                    certificates. If disabled, a certificate selection dialog is
00356                                    displayed. This only applies if the GUI is enabled
00357                                    and not SBL. This only applies to Windows (not WinMobile). */
00358     RetainVpnOnLogoff,        /**< First control of the logoff behavior. This preference allows
00359                                    an administrator to control if the VPN is terminated or retained
00360                                    after the user logs off.*/
00361     UserEnforcement,          /**< Second control of the logoff behavior, used when the VPN connection has
00362                                    been retained after the user logged off. Controls which user can log in 
00363                                    and keep the VPN connection. Options are same user only and any user. */
00364     DeviceLockRequired,           /**< This preference indicates whether or not 
00365                                        a Windows Mobile device must be configured
00366                                        with a password or PIN prior to establishing
00367                                        a VPN connection. This configuration is 
00368                                        only valid on Windows Mobile devices that
00369                                        use the Microsoft Default Local 
00370                                        Authentication Provider (LAP). */
00371     DeviceLockMaximumTimeoutMinutes,   /**< When set to a non-negative number, 
00372                                             this preference specifies the maximum
00373                                             number of minutes a device can be 
00374                                             inactive before device lock takes 
00375                                             effect. (WM5/WM5AKU2+) */
00376     DeviceLockMinimumPasswordLength,   /**< When set to a non-negative number, 
00377                                             this preference specifies that any 
00378                                             PIN/password used for device lock 
00379                                             must be equal to or longer than
00380                                             the specified value, in characters.
00381                                             This setting must be pushed down to
00382                                             the mobile device by syncing with 
00383                                             an Exchange server before it can be 
00384                                             enforced. (WM5AKU2+) */
00385     DeviceLockPasswordComplexity,      /**< This preference checks whether or 
00386                                             not the password belongs to one of
00387                                             three subtypes: alpha, pin, strong. */
00388     EnableAutomaticServerSelection,    /**< Automatic server selection will 
00389                                             automatically select the optimal 
00390                                             secure gateway for the endpoint. */
00391     AutoServerSelectionImprovement,    /**< During a reconnection attempt after
00392                                             a system resume, this setting 
00393                                             specifies the minimum estimated
00394                                             performance improvement required to
00395                                             justify transitioning a user to a new server. 
00396                                             This value is a percentage in 0..100. */
00397     AutoServerSelectionSuspendTime,    /**< During a reconnection attempt after
00398                                             a system resume, this specifies the
00399                                             minimum time a user must have been 
00400                                             suspended in order to justify a new
00401                                             server selection calculation. Unit is hours. */
00402     AuthenticationTimeout,             /**< Time, in seconds, that the client waits
00403                                             for authentication to be completed.*/
00404     SafeWordSofTokenIntegration,  /**< This preference will enable the administrator and possibly
00405                                        the end user to enable SafeWord SofToken integration.
00406                                        Options are Enabled (true) and Disabled (false - default). */
00407     AllowIPsecOverSSL,                      /**< If 'true' then tunneling of IPsec over SSL
00408                                             is made possible with help from the ASA.
00409                                         */
00410     ClearSmartcardPin,                 /**< This preference controls whether the smartcard PIN
00411                                             will be cleared on a successful connection.*/
00412     IPProtocolSupport,                 /**< This preference controls which protocol(s) will be 
00413                                             allowed for the connection.*/
00414     AllowManualHostInput,              /**< This preference specifies whether the user
00415                                             is allowed to type a new hostname in the VPN
00416                                             edit box. */
00417     BlockUntrustedServers,             /**< This preference specifies whether the user wants
00418                                             to allow for connections to secure gateways with
00419                                             certificate errors. NOTE(review): the name says "block" while this text says "allow"; presumably true means such connections are blocked - confirm the polarity before relying on it. */
00420     PublicProxyServerAddress,          /**< This preference specifies the public proxy server
00421                                             address to be used. The value is in the format
00422                                             ServerAddr:ServerPort (ex. 101.89.85.444:8080; illustrative only, 444 is not a valid IPv4 octet)
00423                                             or just the FQDN. */
00424     UnknownPreference                  /**< Last enumerator; presumably the sentinel for an unrecognized preference id - confirm */
00425 }; 
00426 
00427 
00428 /** 
00429  * Indicates the scope of the preferences contained in a PreferenceInfo object.  Values are implicit (0..2 in declaration order).
00430  */
00431 #if defined(__midl)
00432 [v1_enum] /*serialize as 32 bits*/
00433 #endif
00434 enum PreferenceScope    
00435 {
00436     User,               /**< Indicates that the preferences were set by a user */
00437     Global,             /**< Indicates that the preferences are global */
00438     UserAndGlobal       /**< Indicates that both user and global preferences are present */
00439 };
00440 
00441 /** 
00442  * Indicates the client mode of operation. Unlike tunneling mode or other 
00443  * mutually exclusive modes, client operating modes are independent settings,
00444  * several of which can be turned on simultaneously.  Each enumerator is a single bit (1 << n), so a set of modes is the bitwise OR of enumerators and is tested with a bitwise AND.
00445  */
00446 #if defined(__midl)
00447 [v1_enum] /*serialize as 32 bits*/
00448 #endif
00449 enum OperatingMode
00450 {
00451     FIPS                     = (1 << 0), /**< Indicates that the client is 
00452                                               running in FIPS mode. */
00453     StartBeforeLogon         = (1 << 1), /**< Indicates that the client is 
00454                                               running in Start Before Logon 
00455                                               mode. */
00456     GUI                      = (1 << 2), /**< Indicates that the client is 
00457                                               a GUI client (not the CLI). */
00458     TrustedNetworkDetection  = (1 << 3), /**< Indicates that a Trusted Network
00459                                               Detection policy is enabled for
00460                                               the client. */
00461     AlwaysOnVpn              = (1 << 4), /**< Indicates that the Always On 
00462                                               policy is enabled for the client. */
00463     NetworkIssue             = (1 << 5), /**< For user notifications only.
00464                                               Indication by API to the UI that
00465                                               there is a network condition. */
00466     Quarantined              = (1 << 6), /**< Indicates that the VPN session is being 
00467                                               quarantined by the secure gateway. */
00468     AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
00469                                               Selection is enabled. */
00470     DisconnectAllowed        = (1 << 8), /**< Indicates that the user is allowed
00471                                               to disconnect the VPN based on 
00472                                               policy. */
00473     VPNDisabled              = (1 << 9), /**< Indicates that the VPN service is
00474                                               to be marked as disabled. */
00475     SCEPMode                 = (1 << 10), /**< Indicates that the client is
00476                                                performing a SCEP cert enrollment. */
00477     OnTrustedNetwork         = (1 << 11), /**< Indicates that at last check, the
00478                                                client detected that it was on
00479                                                a trusted network. */
00480     ManualHostInputAllowed   = (1 << 12), /**< Indicates that the user is allowed
00481                                                to add a new host by typing its name
00482                                                in the VPN edit box. */
00483     ErrorSuppressed          = (1 << 13), /**< Indicates a connection error has
00484                                                been returned from the agent, but
00485                                                was downgraded to a warning to 
00486                                                prevent a popup dialog in the UI. */
00487     StrictMode               = (1 << 14)  /**< Indicates that the client is 
00488                                                running in strict certificate trust mode. */
00489 };
00490 
00491 #if defined(PLATFORM_ANDROID)
00492 #if defined(__midl)
00493 [v1_enum] /*serialize as 32 bits*/
00494 #endif
00495 /** 
00496  * Indicates the mode to use for Certificate Based Authentication.
00497  * CertAuth_Automatic is the same as the default AnyConnect configuration.  This enum is declared only when PLATFORM_ANDROID is defined; values are implicit (0..2 in declaration order).
00498  */
00499 enum CertAuthMode
00500 {
00501     CertAuth_Automatic, /**< Will try each available certificate in succession
00502                              until authentication is obtained or we run out of 
00503                              available certificates */
00504     CertAuth_Disabled,  /**< Will disable Certificate Based Authentication */
00505     CertAuth_Manual     /**< Will only use the preconfigured certificate to attempt
00506                              Certificate Based Authentication */
00507 };
00508 #endif
00509 
00510 #endif // _APISTDHEADER_