AnyConnect Secure Mobility Client 4.10.06090

include/api.h

Go to the documentation of this file.
00001 /**************************************************************************
00002 *   Copyright (c) 2008, 2022 Cisco Systems, Inc.
00003 *   All Rights Reserved. Cisco Highly Confidential.
00004 ***************************************************************************
00005 *
00006 *   File: api.h
00007 *   Date: 01/2008
00008 *
00009 ***************************************************************************
00010 *   VPN GUI API module interface types
00011 ***************************************************************************/
00012 #ifndef _APISTDHEADER_
00013 #define _APISTDHEADER_
00014 
00015 /**
00016  * @file
00017  * This file contains some basic compiler definitions as well as common enums.
00018  */
00019 
00020 //Not compatible with MIDL
00021 #if !defined(__midl)
00022 #ifdef _WIN32
00023     #pragma warning(disable:4251 4786)
00024 
00025     #ifndef UNICODE
00026         #define UNICODE
00027     #endif // UNICODE
00028 
00029     #ifndef _UNICODE
00030         #define _UNICODE
00031     #endif // _UNICODE
00032 
00033     #ifndef tstring
00034 /** std::wstring */
00035         #define tstring std::wstring    /**< my wstring description */
00036     #endif // tstring
00037 
00038 #else // non-windows
00039 
00040     #ifndef tstring
00041         #define tstring std::string
00042     #endif // tstring
00043 
00044 #endif // _WIN32
00045 
00046 #ifdef _UNICODE
00047     #define tostream std::wostream
00048 #else
00049     #define tostream std::ostream
00050 #endif /* UNICODE */
00051 
00052 
00053 //used when including implementation files directly in an EXE.
00054 #ifdef _NOEXPORTDLL
00055     #define VPN_VPNAPI
00056 #else
00057     #ifdef _WIN32
00058         #ifdef VPN_APIEXPORTS //api
00059             #define VPN_VPNAPI __declspec(dllexport)
00060         #else
00061             #define VPN_VPNAPI __declspec(dllimport)
00062         #endif
00063     #else    
00064         #ifdef VPN_APIEXPORTS
00065             #define VPN_VPNAPI  __attribute__((visibility("default")))
00066         #else
00067             #define VPN_VPNAPI
00068         #endif
00069     #endif //_WIN32
00070 #endif //NOEXPORTDLL
00071 
00072 #ifndef OUT
00073 #define OUT
00074 #endif
00075 
00076 #ifdef __cplusplus //only include if C++ is being used, 
00077                    //C code also includes api.h for COM proxy of enumerators.
00078 #include <string>
00079 #include <map>
00080 #include <list>
00081 
00082 typedef std::map<tstring, tstring> ApiStringMap;
00083 typedef std::map<tstring, std::list<tstring> > ApiStringListMap;
00084 
00085 #endif //__cplusplus
00086 #endif //#if !defined(__midl)
00087 
00088 
00089 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
00090 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
00091 \******************** This is also compiled with IDL compiler **********************/
00092 
00093 #include "GlobalEnums.h"
00094 /**
00095  * MessageType
00096  * presents a level of severity associated with messages that are
00097  * sent to the API.  The severity can be useful for deciding how a message is
00098  * to be shown.  A UI might decide based on type to show a message as
00099  * a modal dialog versus a message written to the status area for an existing UI.
00100  */
00101 #if defined(__midl)
00102 [v1_enum] /*serialize as 32 bits*/
00103 #endif
00104 enum MessageType
00105 {
00106     MsgType_Error,      /**< Issue usually requiring user to acknowledge */
00107     MsgType_Alert,      /**< Warning message that needs to be shown to user. */
00108     MsgType_Warn,       /**< Less severe, not required to be shown to user */
00109     MsgType_Info,       /**< General message providing status, progress, etc. */
00110     MsgType_Status,     /**< Can be used to indicate unexpected tunnel status change. */
00111     MsgType_UrlError    /**< Error message that provides additional information by opening browser. */
00112 };
00113 
00114 
00115 /**
00116  * Identifies the type of token that was used successfully when SDI
00117  * Authentication is in use.
00118  */
00119 #if defined(__midl)
00120 [v1_enum] /*serialize as 32 bits*/
00121 #endif
00122 enum SDITokenType 
00123 { 
00124     SDITT_NONE, 
00125     SDITT_HARDWARE, 
00126     SDITT_SOFTWARE 
00127 };
00128 
00129 /**
00130  * Provides the current state of the VPN tunnel.
00131  */
00132 #if defined(__midl)
00133 [v1_enum] /*serialize as 32 bits*/
00134 #endif
00135 enum VPNState
00136 {
00137     CONNECTED     = STATE_CONNECTED,        /**< VPN is active */
00138     DISCONNECTED  = STATE_DISCONNECTED,     /**< VPN is inactive */
00139     CONNECTING    = STATE_CONNECTING,       /**< VPN is being established */
00140     DISCONNECTING = STATE_DISCONNECTING,    /**< VPN is being terminated */
00141     RECONNECTING  = STATE_RECONNECTING,     /**< VPN is being re-connected.  This state 
00142                                                  can occur due to network or other
00143                                                  temporary problems.  The state
00144                                                  indicates that the VPN is temporarily
00145                                                  unavailable and indicates the
00146                                                  connection is being re-established. */
00147     PAUSING       = STATE_PAUSING,          /**< VPN is being paused. */
00148     PAUSED        = STATE_PAUSED,           /**< VPN is paused. */
00149     SSOPOLLING    = STATE_SSOPOLLING,       /**< API is doing auth-poll, VPN is disconnected. */
00150     UNKNOWN       = ~0
00151 };
00152 
00153 /**
00154  * Provides the current sub-state of the VPN tunnel.
00155  */
00156 #if defined(__midl)
00157 [v1_enum] /*serialize as 32 bits*/
00158 #endif
00159 enum VPNSubState
00160 {
00161     VPNSS_NORMAL                            = VCSS_NORMAL,
00162     VPNSS_INDEFINITE_DELAY                  = VCSS_INDEFINITE_DELAY,
00163     VPNSS_SESSION_EXPIRING                  = VCSS_SESSION_EXPIRING,
00164     VPNSS_MT_DISCONNECTED_DISABLED          = VCSS_MT_DISCONNECTED_DISABLED,
00165     VPNSS_MT_DISCONNECTED_TRUSTED_NW        = VCSS_MT_DISCONNECTED_TRUSTED_NW,
00166     VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
00167     VPNSS_MT_DISCONNECTED_LAUNCH_FAILED     = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
00168     VPNSS_MT_DISCONNECTED_CONNECT_FAILED    = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
00169     VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG    = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
00170     VPNSS_MT_DISCONNECTED_SW_UP_PENDING     = VCSS_MT_DISCONNECTED_SW_UP_PENDING,
00171     VPNSS_MTU_ADJUSTMENT_PENDING            = VCSS_MTU_ADJUSTMENT_PENDING
00172 };
00173 
00174 /**
00175  * WMHint
00176  * provides a hint for the GUI to either minimize or un-minimize.
00177  */
00178 #if defined(__midl)
00179 [v1_enum] /*serialize as 32 bits*/
00180 #endif
00181 enum WMHint
00182 {
00183     MINIMIZE,       /**< hint to minimize GUI */
00184     OPEN,           /**< hint to un-minimize GUI */
00185     QUIT,           /**< hint that GUI should close.  @see WMHintReason */
00186     REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
00187     REFRESHPREFS,   /**< hint to refresh the preferences */
00188     SHOWCONNECTING,  /**< hint to display "connecting" status */
00189     CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */
00190 };
00191 
00192 
00193 /**
00194  * WMHintReason
00195  * provides a reason indicator for the #WMHint
00196  */
00197 #if defined(__midl)
00198 [v1_enum] /*serialize as 32 bits*/
00199 #endif
00200 enum WMHintReason
00201 {
00202     SECONDGUISTART, /**< Indicates a second GUI has been launched.  This
00203                          indicator is used to suggest that the GUI
00204                          already running be OPENed and that the first one
00205                          should exit. */
00206     PROXYREQUEST,   /**< Proxy credential request can be for web-launch or
00207                          standalone-initiated connections. */
00208     SERVICEFAILURE, /**< This tag is used when the VPN service
00209                          is no longer available. */
00210     DISCONNECT,     /**< Any disconnect notices should be seen by the user. */
00211     SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
00212                          has been stopped. */
00213     CONNECT,        /**< Tag indicating an action to be taken due to connect,
00214                          for example a request to minimize the UI. */
00215     REASONUNKNOWN   /**< */
00216 };
00217 
00218 /**
00219  * provides an indication of the type of credential data being requested.
00220  */
00221 #if defined(__midl)
00222 [v1_enum] /*serialize as 32 bits*/
00223 #endif
00224 enum ConnectPromptType
00225 {
00226     CERTIFICATE,    /**< Indicates a certificate-only type of connection and
00227                          would not normally be sent to client unless a
00228                          post-authentication banner is to be displayed. */
00229     CREDENTIALS,    /**< Indicates that the user is to be prompted for authentication
00230                          credentials */
00231     PROXY,          /**< Indicates that the user is to be prompted for
00232                          proxy-authentication credentials */
00233     MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related
00234                               to PKCS12 import*/
00235     STATUS,         /**< Indicates that status messages are to be displayed to
00236                          the user*/
00237     SINGLESIGNON,   /**< Indicates an embedded browser based single sign-on authentication method is requested. */
00238     SINGLELOGOUT,   /**< Indicates an embedded browser based single sign-on authentication logout is requested. */
00239     LEGACY_SINGLESIGNON,   /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */
00240 };
00241 
00242 
00243 /**
00244  * Indicates the prompt or credential type.
00245  */
00246 #if defined(__midl)
00247 [v1_enum] /*serialize as 32 bits*/
00248 #endif
00249 enum PromptType { Prompt_Input,     /**< label and value. */
00250                   Prompt_Password,  /**< label and value, indicates user
00251                                          response should be masked. */
00252                   Prompt_Banner,    /**< value (the banner) with no label set. */
00253                   Prompt_Combo,     /**< list with choices options. */
00254                   Prompt_Header,    /**< label intended as header and with
00255                                          value. */
00256                   Prompt_Hidden,    /**< hidden value, should be ignored and
00257                                          left unchanged in response. */
00258                   Prompt_CheckBox,  /**< label and value (contrained to true or false) */
00259                   Prompt_SSO        /**< single sign-on authentication token prompt */
00260 };
00261 
00262 #if defined(__midl)
00263 [v1_enum] /*serialize as 32 bits*/
00264 #endif
00265 
00266 /* 
00267  * ***************** !!! ATTENTION !!! ***********************************
00268  * *
00269  * * When updating this preference enum, you must ensure that the enum in
00270  * * vpn/Api/jni/java/Preference.java is also updated.
00271  * *
00272  * ***************** !!! ATTENTION !!! ***********************************
00273  */
00274 enum PreferenceId 
00275 {
00276     ServiceDisable,             /**< This preference disable the VPN service.  
00277                                  If more than one profile exists and any one
00278                                  profile has VPN enabled, then it will be
00279                                  enabled.  False is the default. */
00280     CertificateStoreOverride,/**< This preference will trigger an alternate 
00281                                  authentication sequence in the API. The 
00282                                  preference is only settable by an 
00283                                  administrator. */
00284     CertificateStore,       /**< This preference indicates which Windows certificate 
00285                                  store AnyConnect should look in for client certificates.
00286                                  The options are All, Machine and User with a default of All.
00287                                  The preference is only settable by an administrator. */
00288     CertificateStoreMac,    /**< This preference indicates which macOS keychain
00289                                  AnyConnect should look in for client certificates. 
00290                                  The options are All, System and Login with a default of All. 
00291                                  The preference is only settable by an administrator. */
00292     CertificateStoreLinux,  /**< This preference indicates which Linux certificate
00293                                  store AnyConnect should look in for client certificates. 
00294                                  The options are All, Machine and User with a default of All. 
00295                                  The preference is only settable by an administrator. */
00296     ShowPreConnectMessage,  /**< The ShowPreConnectMessage preference gives the
00297                                  administrator the ability to display an AnyConnect 
00298                                  startup banner message. The message will appear 
00299                                  only once per AnyConnect program start. The  
00300                                  preference is only settable by an 
00301                                  administrator. */
00302     AutoConnectOnStart,     /**< This preference allows the user to select 
00303                                  whether to establish a connection automatically
00304                                  on startup or not. */
00305     MinimizeOnConnect,      /**< This preference allows the user to select if
00306                                  the GUI should minimize when the connection is
00307                                  established */
00308     LocalLanAccess,         /**< This preference will provide a mechanism where 
00309                                  the user can disable access to their Local LAN. */
00310     DisableCaptivePortalDetection, /**<This preference will provide a mechanism where
00311                                    the user can disable captive portal detection.*/
00312     AutoReconnect,          /**< First control of the reconnect behavior. If the 
00313                                  client becomes disconnected for any reason, a 
00314                                  reconnect attempt is made.   */
00315     AutoReconnectBehavior,  /**< Second control of the reconnect behavior. When
00316                                  coming out of suspend/hibernate/standby mode. 
00317                                  Options are disconnect on suspend and reconnect 
00318                                  after suspend. */
00319     SuspendOnConnectedStandby,  /**< This setting allows to control whether the VPN tunnel
00320                                      is suspended when the system enters the Connected Standby 
00321                                      mode. It applies only to Windows 8 and above. */
00322     UseStartBeforeLogon,    /**< This preference allows an administrator to 
00323                                  control the use of the Start Before Logon 
00324                                  feature. The preference can be set to true (on) 
00325                                  or false (off). */
00326     AutoUpdate,             /**< Once the Downloader has loaded the profile, it 
00327                                  can check the AutoUpdate preference to see if 
00328                                  updates are either disabled or enabled */
00329     RSASecurIDIntegration,  /**< This preference will enable the administrator 
00330                                  and possibly end user to select the preferred 
00331                                  method of managing their SDI PIN and PASSCODE 
00332                                  interactions. Options are Automatic (default), 
00333                                  SoftwareTokens and HardwareTokens. */
00334     WindowsLogonEnforcement,/**< This preference allows an administrator to
00335                                  control if more than one user may be logged into
00336                                  the client PC during the VPN connection (Windows
00337                                  only). */
00338     WindowsVPNEstablishment,/**< This preference allows an administrator to
00339                                  control whether or not remote users may initiate
00340                                  a VPN connection (Windows only). */
00341     LinuxLogonEnforcement,  /**< This preference allows an administrator to
00342                                  control if more than one user may be logged into
00343                                  the client PC during the VPN connection (Linux 
00344                                  only). */
00345     LinuxVPNEstablishment,  /**< This preference allows an administrator to
00346                                  control whether or not remote users may initiate
00347                                  a VPN connection (Linux only). */
00348     ProxySettings,          /**< This preference allows an administrator to
00349                                  control how user's proxy setups are handled.*/
00350     AllowLocalProxyConnections, /**< This preference allows the administrator to control
00351                                  whether to allow establishing a connection through
00352                                  a local proxy. */
00353     PPPExclusion,           /**< This preference allows an administrator to control
00354                                  the policy used to exclude routes to
00355                                  PPP servers when connecting over L2TP or PPTP.
00356                                  Options are Automatic (default), Disable,
00357                                  and Override. */
00358     PPPExclusionServerIP,   /**< When PPPExclusion is set to Manual,
00359                                  the value of this preference allows an
00360                                  end user to specify the address of a
00361                                  PPP server that should be excluded
00362                                  from tunnel traffic. */
00363     AutomaticVPNPolicy,     /**< This preference allows an administrator to 
00364                                  define a policy to automatically manage when a 
00365                                  VPN connection should be started or stopped. */
00366     TrustedNetworkPolicy,   /**< This preference allows an administrator to 
00367                                  define a policy for users in trusted networks.
00368                                  The options are: Disconnect or DoNothing. */
00369     UntrustedNetworkPolicy, /**< This preference allows an administrator to 
00370                                  define a policy for users in untrusted networks.
00371                                  The options are: Connect or DoNothing. */
00372     TrustedDNSDomains,      /**< This preference defines a list of comma 
00373                                  separated DNS suffixes that a network interface
00374                                  in a trusted network might have. */
00375     TrustedDNSServers,      /**< This preference defines a list of comma 
00376                                  separated DNS servers that a network interface
00377                                  in a trusted network might have. */
00378     TrustedHttpsServerList,  /**< This preference defines a list of comma separated
00379                                   https servers reachable only via a trusted network.*/
00380     AlwaysOn,               /**< This preference governs VPN reestablishment after
00381                                  interruptions */
00382     ConnectFailurePolicy,   /**< This preference gives the network administrator 
00383                                  the ability to dictate the network access allowed
00384                                  by the client endpoint device following a VPN
00385                                  connection establishment failure. It is a component
00386                                  of AlwaysOn */
00387     AllowCaptivePortalRemediation, /**< This preference gives the network administrator
00388                                     the ability to dictate the network access 
00389                                     allowed by the client endpoint device following
00390                                     a VPN connection establishment failure it is a
00391                                     component of AlwaysOn */
00392     CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
00393                                      the ability to impose a time limit for captive portal 
00394                                      remediation when the ConnectFailurePolicy value is Closed
00395                                      It is a component of AlwaysOn */
00396     ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator 
00397                                        the ability to allow split routes and firewall rules 
00398                                        to be applied following a VPN connection establishment
00399                                        failure when the ConnectFailurePolicy value is Closed
00400                                        It is a component of AlwaysOn */
00401     AllowVPNDisconnect,     /**< During Always On, this specifies that the user is allowed to
00402                                  disconnect the VPN session. */
00403     AllowedHosts,           /**< During Always On, user has access to the specified hosts
00404                                  when VPN is disconnected. */
00405     EnableScripting,        /**< This preference allows an administrator to 
00406                                  enable scripting (on connect or on
00407                                  disconnect). */
00408     TerminateScriptOnNextEvent,   /**< This preference dictates whether or not
00409                                        AnyConnect will terminate a running script
00410                                        process if a transition to another
00411                                        scriptable event occurs. */
00412     EnablePostSBLOnConnectScript, /**< This preference is used to control whether
00413                                        or not the OnConnect script will be launched
00414                                        from the desktop GUI when a tunnel has been
00415                                        established via SBL. */
00416     AutomaticCertSelection,   /**< This preference dictates whether or not to disable
00417                                    the default automatic certificate selection for user
00418                                    certificates. If disabled, a certificate selection dialog is
00419                                    displayed. This only applies if the GUI is enabled
00420                                    and not SBL. This only applies to Windows (not WinMobile). */
00421     RetainVpnOnLogoff,        /**< First control of the logoff behavior. This preference allows
00422                                    an administrator to control if the VPN is terminated or retained
00423                                    after user logs off.*/
00424     UserEnforcement,          /**< Second control of the logoff behavior. When the VPN connection has
00425                                    been retained after user logged off. Controls what user can log in 
00426                                    and keep the VPN connection. Options are same user only and any user. */
00427     DeviceLockRequired,           /**< This preference indicates whether or not 
00428                                        a Windows Mobile device must be configured
00429                                        with a password or PIN prior to establishing
00430                                        a VPN connection. This configuration is 
00431                                        only valid on Windows Mobile devices that
00432                                        use the Microsoft Default Local 
00433                                        Authentication Provider (LAP). */
00434     DeviceLockMaximumTimeoutMinutes,   /**< When set to a non-negative number, 
00435                                             this preference specifies the maximum
00436                                             number of minutes a device can be 
00437                                             inactive before device lock takes 
00438                                             into effect. (WM5/WM5AKU2+) */
00439     DeviceLockMinimumPasswordLength,   /**< When set to a non-negative number, 
00440                                             this preference specifies that any 
00441                                             PIN/password used for device lock 
00442                                             must be equal to or longer than
00443                                             the specified value, in characters.
00444                                             This setting must be pushed down to
00445                                             the mobile device by syncing with 
00446                                             an Exchange server before it can be 
00447                                             enforced. (WM5AKU2+) */
00448     DeviceLockPasswordComplexity,      /**< This preference checks whether or 
00449                                             not the password belongs to one of
00450                                             three subtypes: alpha, pin, strong */
00451     EnableAutomaticServerSelection,    /**< Automatic server selection will 
00452                                             automatically select the optimal 
00453                                             secure gateway for the endpoint */
00454     AutoServerSelectionImprovement,    /**< During a reconnection attempt after
00455                                             a system resume, this setting 
00456                                             specifies the minimum  estimated
00457                                             performance improvement required to
00458                                             justify transitioning a user to a new server 
00459                                             This value represents percentage in 0..100 */
00460     AutoServerSelectionSuspendTime,    /**< During a reconnection attempt after
00461                                             a system resume, this specifies the
00462                                             minimum time a user must have been 
00463                                             suspended in order to justify a new
00464                                             server selection calculation. Unit is hours */
00465     AuthenticationTimeout,             /**< Time, in seconds, that the client waits
00466                                             for authentication to be completed.*/
00467     SafeWordSofTokenIntegration,  /**< This preference will enable the administrator and possibly
00468                                        the end user to enable SafeWord SofToken integration.
00469                                        Options are Enabled (true) and Disabled (false - default). */
00470     AllowIPsecOverSSL,                      /**< if 'true' then tunneling of IPSEC over SSL
00471                                             is made possible with help from the ASA.
00472                                         */
00473     ClearSmartcardPin,                 /**< This preference controls whether the smartcard pin
00474                                             will be cleared on a successful connection*/
00475     IPProtocolSupport,                 /**< This preference controls which protocol(s) will be 
00476                                             allowed for the connection*/
00477     CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal 
00478                                                   remediation and specifies whether the user is allowed to
00479                                                   opt for an external browser for remediation, as opposed to 
00480                                                   the AnyConnect browser. */
00481     AllowManualHostInput,              /**< This preference specifies whether the user
00482                                             is allowed to type a new hostname in the VPN
00483                                             edit box. */
00484     BlockUntrustedServers,             /**< This preference specifies whether the user wants
00485                                             to allow for connections to secure gateways with
00486                                             certificate errors. */
00487     PublicProxyServerAddress,          /**< This preference specifies the public proxy server
00488                                             address to be used. This number is in the format
00489                                             ServerAddr:ServerPort (ex. 101.89.85.444:8080)
00490                                             or just the FQDN. */
00491     CertificatePinning,                /**< This preference specifies whether Certificate Pinning
00492                                             check should be performed during server certificate
00493                                             verification. */
00494     UnknownPreference
00495 }; 
00496 
00497 
00498 /** 
00499  * Indicates the scope of the preferences contained in a PreferenceInfo object 
00500  */
00501 #if defined(__midl)
00502 [v1_enum] /*serialize as 32 bits*/
00503 #endif
00504 enum PreferenceScope    
00505 {
00506     User,               /**< Indicates that the preferences were set by a user */
00507     Global,             /**< Indicates that the preferences are global */
00508     UserAndGlobal       /**< Indicates that we have both user and global preferences */
00509 };
00510 
00511 /** 
00512  * Indicates the client mode of operation. Unlike tunneling mode or other 
00513  * mutually exclusive modes, client operating modes are independent settings,
00514  * several of which can be turned on simultaneously.  
00515  */
00516 #if defined(__midl)
00517 [v1_enum] /*serialize as 32 bits*/
00518 #endif
00519 enum OperatingMode
00520 {
00521     FIPS                     = (1 << 0), /**< Indicates that the client is 
00522                                               running in FIPS mode. */
00523     StartBeforeLogon         = (1 << 1), /**< Indicates that the client is 
00524                                               running in Start Before Login 
00525                                               mode. */
00526     GUI                      = (1 << 2), /**< Indicates that the client is 
00527                                               a GUI client. */
00528     TrustedNetworkDetection  = (1 << 3), /**< Indicates that a Trusted Network
00529                                               Detection policy is enabled for
00530                                               the client. */
00531     AlwaysOnVpn              = (1 << 4), /**< Indicates that the Always On 
00532                                               policy is enabled for the client. */
00533     NetworkIssue             = (1 << 5), /**< For user notifications only.
00534                                               Indication by API to the UI that
00535                                               there is a network condition. */
00536     Quarantined              = (1 << 6), /**< Indicates that the VPN session is being 
00537                                               Quarantined by the secure gateway. */
00538     AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
00539                                               is enabled. */
00540     DisconnectAllowed        = (1 << 8), /**< Indicates that the user is allowed
00541                                               to disconnect the VPN based on 
00542                                               policy. */
00543     VPNDisabled              = (1 << 9), /**< Indicates that the VPN service is
00544                                               to be marked as disabled. */
00545     SCEPMode                 = (1 << 10), /**< Indicates that the client is
00546                                                performing a SCEP cert enrollment. */
00547     OnTrustedNetwork         = (1 << 11), /**< Indicates that at last check, the
00548                                                client detected that it was on
00549                                                a trusted network. */
00550     ManualHostInputAllowed   = (1 << 12), /**< Indicates that the user is allowed
00551                                                to add a new host by typing its name
00552                                                in the VPN edit box. */
00553     ErrorSuppressed          = (1 << 13), /**< Indicates a connection error has
00554                                                been returned fronm the agent, but
00555                                                was suppressed to warning to 
00556                                                prevent popup dialog in the UI. */
00557     StrictMode               = (1 << 14), /**< Indicates that the client is 
00558                                                running in strict certificate trust mode. */
00559     CLI                      = (1 << 15), /**< Indicates that the client is
00560                                                a CLI client. */
00561     Management               = (1 << 16)  /**< Indicates that the client is strictly
00562                                                used for initiating a management tunnel. */
00563 };
00564 
00565 /**
00566  * Indicates the last error seen by the API in this connection attempt.
00567  */
00568 #if defined(__midl)
00569 [v1_enum] /*serialize as 32 bits*/
00570 #endif
00571 enum VPNError
00572 {
00573     VPNSuccess = 0,                      /**< No error has occurred. */
00574     VPNError_Generic_FatalError = 1,     /**< An error of unknown type has
00575                                               occured */
00576 
00577     VPNError_Connection_Error = 100,     /**< An unknown connection error has
00578                                               occured, such as bad hostname, bad
00579                                               group, etc. */
00580     VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the 
00581                                               server address */
00582 
00583     VPNError_Network_Error = 200,        /**< An unknown network error has
00584                                               occured, such as DNS resolution
00585                                               error, unable to open socket,
00586                                               routing error, captive portal,
00587                                               etc. */
00588 
00589     VPNError_Authentication_Error = 300, /**< An unknown user authenication
00590                                               error has occured. */
00591 
00592     VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does 
00593                                                 not meet policy requirements (DAP). */
00594 
00595     VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
00596                                                         certificate error has
00597                                                         occured. */
00598     VPNError_ClientCertificate_Missing,  /**< A client certificate is required
00599                                               but no client certificate has been
00600                                               found on the system. */
00601     VPNError_ClientCertificate_Expired,  /**< The client certificate has expired */
00602     VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not
00603                                                  yet valid. */
00604 
00605     VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
00606                                                         occured when validating
00607                                                         the server certificate. */
00608     VPNError_ServerCertificate_Expired,    /**< The server certificate has
00609                                                 expired. */
00610     VPNError_ServerCertificate_NotYetValid /**< The server certificate is not
00611                                                 yet valid. */
00612 };
00613 
00614 enum CertAuthMode
00615 {
00616     CertAuth_Automatic, /**< Will try each available certificate in succession
00617                              until authentication is obtained or we run out of 
00618                              available certificates */
00619     CertAuth_Disabled,  /**< Will disable Certificate Based Authentication */
00620     CertAuth_Manual     /**< Will only use preconfigured certificate to attempt
00621                              Certificate Based Authentication */
00622 };
00623 
00624 enum CertificateType
00625 {
00626     CertificateType_Client,
00627     CertificateType_SystemTrusted,
00628     CertificateType_Server
00629 };
00630 
00631 enum CertConfirmReason
00632 {
00633     CertConfirmReason_Unspecified,
00634     CertConfirmReason_NameMismatch,
00635     CertConfirmReason_Expired,
00636     CertConfirmReason_NotValidYet,
00637     CertConfirmReason_UntrustedSource,
00638     CertConfirmReason_InvalidUse,
00639     CertConfirmReason_Revoked,
00640     CertConfirmReason_Malformed,
00641     CertConfirmReason_NotFipsCompliant,
00642     CertConfirmReason_InvalidateDate,
00643     CertConfirmReason_SignatureAlgorithm,
00644     CertConfirmReason_KeySize
00645 };
00646 
00647 enum UserResponseError
00648 {
00649     UserResponseError_None,
00650     UserResponseError_Unspecified,
00651     UserResponseError_BadServerCert,
00652     UserResponseError_SsoNavigation,
00653     UserResponseError_SsoGettingCookie,
00654     UserResponseError_SsoTimeout,
00655     UserResponseError_SsoMissingDependency,
00656     UserResponseError_SsoClientCertRequest,
00657     UserResponseError_SsoAborted,
00658 };
00659 
00660 #if defined(__midl)
00661 [v1_enum] /*serialize as 32 bits*/
00662 #endif
00663 enum ClientType
00664 {
00665     ClientType_GUI,
00666     ClientType_GUI_SBL,
00667     ClientType_CLI,
00668     ClientType_MGMT
00669 };
00670 
00671 #endif // _APISTDHEADER_