AnyConnect Secure Mobility Client  5.1.2.42
api.h
Go to the documentation of this file.
1 /**************************************************************************
2 * Copyright (c) 2008, 2022-2023 Cisco Systems, Inc.
3 * All Rights Reserved. Cisco Highly Confidential.
4 ***************************************************************************
5 *
6 * File: api.h
7 * Date: 01/2008
8 *
9 ***************************************************************************
10 * VPN GUI API module interface types
11 ***************************************************************************/
12 #ifndef _APISTDHEADER_
13 #define _APISTDHEADER_
14 
15 /**
16  * @file
17  * This file contains some basic compiler definitions as well as common enums.
18  */
19 
20 //Not compatible with MIDL
21 #if !defined(__midl)
22 #ifdef _WIN32
23  #pragma warning(disable:4251 4786)
24 
25  #ifndef UNICODE
26  #define UNICODE
27  #endif // UNICODE
28 
29  #ifndef _UNICODE
30  #define _UNICODE
31  #endif // _UNICODE
32 
33  #ifndef tstring
34 /** std::wstring */
35  #define tstring std::wstring /**< my wstring description */
36  #endif // tstring
37 
38 #else // non-windows
39 
40  #ifndef tstring
41  #define tstring std::string
42  #endif // tstring
43 
44 #endif // _WIN32
45 
46 #ifdef _UNICODE
47  #define tostream std::wostream
48 #else
49  #define tostream std::ostream
50 #endif /* UNICODE */
51 
52 
53 //used when including implementation files directly in an EXE.
54 #ifdef _NOEXPORTDLL
55  #define VPN_VPNAPI
56 #else
57  #ifdef _WIN32
58  #ifdef VPN_APIEXPORTS //api
59  #define VPN_VPNAPI __declspec(dllexport)
60  #else
61  #define VPN_VPNAPI __declspec(dllimport)
62  #endif
63  #else
64  #ifdef VPN_APIEXPORTS
65  #define VPN_VPNAPI __attribute__((visibility("default")))
66  #else
67  #define VPN_VPNAPI
68  #endif
69  #endif //_WIN32
70 #endif //NOEXPORTDLL
71 
72 #ifndef OUT
73 #define OUT
74 #endif
75 
76 #ifndef IN
77 #define IN
78 #endif
79 
80 #ifdef __cplusplus //only include if C++ is being used,
81  //C code also includes api.h for COM proxy of enumerators.
82 #include <string>
83 #include <map>
84 #include <list>
85 
86 typedef std::map<tstring, tstring> ApiStringMap;
87 typedef std::map<tstring, std::list<tstring> > ApiStringListMap;
88 
89 #endif //__cplusplus
90 #endif //#if !defined(__midl)
91 
92 
93 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
94 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
95 \******************** This is also compiled with IDL compiler **********************/
96 
97 #include "GlobalEnums.h"
98 /**
99  * MessageType
100  * presents a level of severity associated with messages that are
101  * sent to the API. The severity can be useful for deciding how a message is
102  * to be shown. A UI might decide based on type to show a message as
103  * a modal dialog versus a message written to the status area for an existing UI.
104  */
105 #if defined(__midl)
106 [v1_enum] /*serialize as 32 bits*/
107 #endif
109 {
110  MsgType_Error, /**< Issue usually requiring user to acknowledge */
111  MsgType_Alert, /**< Warning message that must be shown to user. */
112  MsgType_Warn, /**< Less severe, not required to be shown to user */
113  MsgType_Info, /**< General message providing status, progress, etc. */
114  MsgType_Status, /**< Can be used to indicate unexpected tunnel status change. */
115  MsgType_UrlError, /**< Error message that provides additional information by opening browser. */
116  MsgType_Announcement,/**< Informational message that must be shown to the user.
117  Announcements are currently only supported on desktop platforms. */
118  MsgType_Ephemeral_Alert,/**< Warning message that must be shown to the user, but is closed by
119  the occurrence of an error, announcement, or alert message.
120  Ephemeral Alerts are currently only supported on desktop platforms */
121 };
122 
123 
124 /**
125  * Identifies the type of token that was used successfully when SDI
126  * Authentication is in use.
127  */
128 #if defined(__midl)
129 [v1_enum] /*serialize as 32 bits*/
130 #endif
132 {
133  SDITT_NONE,
134  SDITT_HARDWARE,
135  SDITT_SOFTWARE
136 };
137 
138 /**
139  * Provides the current state of the VPN tunnel.
140  */
141 #if defined(__midl)
142 [v1_enum] /*serialize as 32 bits*/
143 #endif
145 {
146  CONNECTED = STATE_CONNECTED, /**< VPN is active */
147  DISCONNECTED = STATE_DISCONNECTED, /**< VPN is inactive */
148  CONNECTING = STATE_CONNECTING, /**< VPN is being established */
149  DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */
150  RECONNECTING = STATE_RECONNECTING, /**< VPN is being re-connected. This state
151  can occur due to network or other
152  temporary problems. The state
153  indicates that the VPN is temporarily
154  unavailable and indicates the
155  connection is being re-established. */
156  PAUSING = STATE_PAUSING, /**< VPN is being paused. */
157  PAUSED = STATE_PAUSED, /**< VPN is paused. */
158  SSOPOLLING = STATE_SSOPOLLING, /**< API is doing auth-poll, VPN is disconnected. */
159  UNKNOWN = ~0
160 };
161 
162 /**
163  * Provides the current sub-state of the VPN tunnel.
164  */
165 #if defined(__midl)
166 [v1_enum] /*serialize as 32 bits*/
167 #endif
169 {
170  VPNSS_NORMAL = VCSS_NORMAL,
171  VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY,
172  VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING,
173  VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED,
174  VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW,
175  VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
176  VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
177  VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
178  VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
179  VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING,
180  VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING
181 };
182 
183 /**
184  * WMHint
185  * provides a hint for the GUI to either minimize or un-minimize.
186  */
187 #if defined(__midl)
188 [v1_enum] /*serialize as 32 bits*/
189 #endif
190 enum WMHint
191 {
192  MINIMIZE, /**< hint to minimize GUI */
193  OPEN, /**< hint to un-minimize GUI */
194  QUIT, /**< hint that GUI should close. @see WMHintReason */
195  REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
196  REFRESHPREFS, /**< hint to refresh the preferences */
197  SHOWCONNECTING, /**< hint to display "connecting" status */
198  CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */
199 };
200 
201 
202 /**
203  * WMHintReason
204  * provides a reason indicator for the #WMHint
205  */
206 #if defined(__midl)
207 [v1_enum] /*serialize as 32 bits*/
208 #endif
210 {
211  SECONDGUISTART, /**< Indicates a second GUI has been launched. This
212  indicator is used to suggest that the GUI
213  already running be OPENed and that the first one
214  should exit. */
215  PROXYREQUEST, /**< Proxy credential request can be for web-launch or
216  standalone-initiated connections. */
217  SERVICEFAILURE, /**< This tag is used when the VPN service
218  is no longer available. */
219  DISCONNECT, /**< Any disconnect notices should be seen by the user. */
220  SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
221  has been stopped. */
222  CONNECT, /**< Tag indicating an action to be taken due to connect,
223  for example a request to minimize the UI. */
224  REASONUNKNOWN /**< */
225 };
226 
227 /**
228  * provides an indication of the type of credential data being requested.
229  */
230 #if defined(__midl)
231 [v1_enum] /*serialize as 32 bits*/
232 #endif
234 {
235  CERTIFICATE, /**< Indicates a certificate-only type of connection and
236  would not normally be sent to client unless a
237  post-authentication banner is to be displayed. */
238  CREDENTIALS, /**< Indicates that the user is to be prompted for authentication
239  credentials */
240  PROXY, /**< Indicates that the user is to be prompted for
241  proxy-authentication credentials */
242  MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related
243  to PKCS12 import*/
244  STATUS, /**< Indicates that status messages are to be displayed to
245  the user*/
246  SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */
247  SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */
248  LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */
249 };
250 
251 
252 /**
253  * Indicates the prompt or credential type.
254  */
255 #if defined(__midl)
256 [v1_enum] /*serialize as 32 bits*/
257 #endif
258 enum PromptType { Prompt_Input, /**< label and value. */
259  Prompt_Password, /**< label and value, indicates user
260  response should be masked. */
261  Prompt_Banner, /**< value (the banner) with no label set. */
262  Prompt_Combo, /**< list with choices options. */
263  Prompt_Header, /**< label intended as header and with
264  value. */
265  Prompt_Hidden, /**< hidden value, should be ignored and
266  left unchanged in response. */
267  Prompt_CheckBox, /**< label and value (contrained to true or false) */
268  Prompt_SSO /**< single sign-on authentication token prompt */
269 };
270 
271 #if defined(__midl)
272 [v1_enum] /*serialize as 32 bits*/
273 #endif
274 
275 /*
276  * ***************** !!! ATTENTION !!! ***********************************
277  * *
278  * * When updating this preference enum, you must ensure that the enum in
279  * * vpn/Api/jni/java/Preference.java is also updated.
280  * *
281  * ***************** !!! ATTENTION !!! ***********************************
282  */
284 {
285  ServiceDisable, /**< This preference disable the VPN service.
286  If more than one profile exists and any one
287  profile has VPN enabled, then it will be
288  enabled. False is the default. */
289  CertificateStoreOverride,/**< This preference will trigger an alternate
290  authentication sequence in the API. The
291  preference is only settable by an
292  administrator. */
293  CertificateStore, /**< This preference indicates which Windows certificate
294  store AnyConnect should look in for client certificates.
295  The options are All, Machine and User with a default of All.
296  The preference is only settable by an administrator. */
297  CertificateStoreMac, /**< This preference indicates which macOS keychain
298  AnyConnect should look in for client certificates.
299  The options are All, System and Login with a default of All.
300  The preference is only settable by an administrator. */
301  CertificateStoreLinux, /**< This preference indicates which Linux certificate
302  store AnyConnect should look in for client certificates.
303  The options are All, Machine and User with a default of All.
304  The preference is only settable by an administrator. */
305  ShowPreConnectMessage, /**< The ShowPreConnectMessage preference gives the
306  administrator the ability to display an AnyConnect
307  startup banner message. The message will appear
308  only once per AnyConnect program start. The
309  preference is only settable by an
310  administrator. */
311  AutoConnectOnStart, /**< This preference allows the user to select
312  whether to establish a connection automatically
313  on startup or not. */
314  MinimizeOnConnect, /**< This preference allows the user to select if
315  the GUI should minimize when the connection is
316  established */
317  LocalLanAccess, /**< This preference will provide a mechanism where
318  the user can disable access to their Local LAN. */
319  DisableCaptivePortalDetection, /**<This preference will provide a mechanism where
320  the user can disable captive portal detection.*/
321  AutoReconnect, /**< First control of the reconnect behavior. If the
322  client becomes disconnected for any reason, a
323  reconnect attempt is made. */
324  AutoReconnectBehavior, /**< Second control of the reconnect behavior. When
325  coming out of suspend/hibernate/standby mode.
326  Options are disconnect on suspend and reconnect
327  after suspend. */
328  SuspendOnConnectedStandby, /**< This setting allows to control whether the VPN tunnel
329  is suspended when the system enters the Connected Standby
330  mode. It applies only to Windows 8 and above. */
331  UseStartBeforeLogon, /**< This preference allows an administrator to
332  control the use of the Start Before Logon
333  feature. The preference can be set to true (on)
334  or false (off). */
335  AutoUpdate, /**< Once the Downloader has loaded the profile, it
336  can check the AutoUpdate preference to see if
337  updates are either disabled or enabled */
338  RSASecurIDIntegration, /**< This preference will enable the administrator
339  and possibly end user to select the preferred
340  method of managing their SDI PIN and PASSCODE
341  interactions. Options are Automatic (default),
342  SoftwareTokens and HardwareTokens. */
343  WindowsLogonEnforcement,/**< This preference allows an administrator to
344  control if more than one user may be logged into
345  the client PC during the VPN connection (Windows
346  only). */
347  WindowsVPNEstablishment,/**< This preference allows an administrator to
348  control whether or not remote users may initiate
349  a VPN connection (Windows only). */
350  LinuxLogonEnforcement, /**< This preference allows an administrator to
351  control if more than one user may be logged into
352  the client PC during the VPN connection (Linux
353  only). */
354  LinuxVPNEstablishment, /**< This preference allows an administrator to
355  control whether or not remote users may initiate
356  a VPN connection (Linux only). */
357  ProxySettings, /**< This preference allows an administrator to
358  control how user's proxy setups are handled.*/
359  AllowLocalProxyConnections, /**< This preference allows the administrator to control
360  whether to allow establishing a connection through
361  a local proxy. */
362  PPPExclusion, /**< This preference allows an administrator to control
363  the policy used to exclude routes to
364  PPP servers when connecting over L2TP or PPTP.
365  Options are Automatic (default), Disable,
366  and Override. */
367  PPPExclusionServerIP, /**< When PPPExclusion is set to Manual,
368  the value of this preference allows an
369  end user to specify the address of a
370  PPP server that should be excluded
371  from tunnel traffic. */
372  AutomaticVPNPolicy, /**< This preference allows an administrator to
373  define a policy to automatically manage when a
374  VPN connection should be started or stopped. */
375  TrustedNetworkPolicy, /**< This preference allows an administrator to
376  define a policy for users in trusted networks.
377  The options are: Disconnect or DoNothing. */
378  UntrustedNetworkPolicy, /**< This preference allows an administrator to
379  define a policy for users in untrusted networks.
380  The options are: Connect or DoNothing. */
381  BypassConnectUponSessionTimeout, /**< This preference allows an administrator
382  the ability to instruct the client to bypass the
383  automatic connection retry after a VPN session timeout. */
384  TrustedDNSDomains, /**< This preference defines a list of comma
385  separated DNS suffixes that a network interface
386  in a trusted network might have. */
387  TrustedDNSServers, /**< This preference defines a list of comma
388  separated DNS servers that a network interface
389  in a trusted network might have. */
390  TrustedHttpsServerList, /**< This preference defines a list of comma separated
391  https servers reachable only via a trusted network.*/
392  DisableUntrustedInterfaces, /**< This preference disables interface without trusted
393  server connectivity while in trusted network
394  when there are multiple network interfaces. */
395  AlwaysOn, /**< This preference governs VPN reestablishment after
396  interruptions */
397  ConnectFailurePolicy, /**< This preference gives the network administrator
398  the ability to dictate the network access allowed
399  by the client endpoint device following a VPN
400  connection establishment failure. It is a component
401  of AlwaysOn */
402  AllowCaptivePortalRemediation, /**< This preference gives the network administrator
403  the ability to dictate the network access
404  allowed by the client endpoint device following
405  a VPN connection establishment failure it is a
406  component of AlwaysOn */
407  CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
408  the ability to impose a time limit for captive portal
409  remediation when the ConnectFailurePolicy value is Closed
410  It is a component of AlwaysOn */
411  ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
412  the ability to allow split routes and firewall rules
413  to be applied following a VPN connection establishment
414  failure when the ConnectFailurePolicy value is Closed
415  It is a component of AlwaysOn */
416  AllowVPNDisconnect, /**< During Always On, this specifies that the user is allowed to
417  disconnect the VPN session. */
418  AllowedHosts, /**< During Always On, user has access to the specified hosts
419  when VPN is disconnected. */
420  EnableScripting, /**< This preference allows an administrator to
421  enable scripting (on connect or on
422  disconnect). */
423  TerminateScriptOnNextEvent, /**< This preference dictates whether or not
424  AnyConnect will terminate a running script
425  process if a transition to another
426  scriptable event occurs. */
427  EnablePostSBLOnConnectScript, /**< This preference is used to control whether
428  or not the OnConnect script will be launched
429  from the desktop GUI when a tunnel has been
430  established via SBL. */
431  AutomaticCertSelection, /**< This preference dictates whether or not to disable
432  the default automatic certificate selection for user
433  certificates. If disabled, a certificate selection dialog is
434  displayed. This only applies if the GUI is enabled
435  and not SBL. This only applies to Windows (not WinMobile). */
436  RetainVpnOnLogoff, /**< First control of the logoff behavior. This preference allows
437  an administrator to control if the VPN is terminated or retained
438  after user logs off.*/
439  UserEnforcement, /**< Second control of the logoff behavior. When the VPN connection has
440  been retained after user logged off. Controls what user can log in
441  and keep the VPN connection. Options are same user only and any user. */
442  DeviceLockRequired, /**< This preference indicates whether or not
443  a Windows Mobile device must be configured
444  with a password or PIN prior to establishing
445  a VPN connection. This configuration is
446  only valid on Windows Mobile devices that
447  use the Microsoft Default Local
448  Authentication Provider (LAP). */
449  DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number,
450  this preference specifies the maximum
451  number of minutes a device can be
452  inactive before device lock takes
453  into effect. (WM5/WM5AKU2+) */
454  DeviceLockMinimumPasswordLength, /**< When set to a non-negative number,
455  this preference specifies that any
456  PIN/password used for device lock
457  must be equal to or longer than
458  the specified value, in characters.
459  This setting must be pushed down to
460  the mobile device by syncing with
461  an Exchange server before it can be
462  enforced. (WM5AKU2+) */
463  DeviceLockPasswordComplexity, /**< This preference checks whether or
464  not the password belongs to one of
465  three subtypes: alpha, pin, strong */
466  EnableAutomaticServerSelection, /**< Automatic server selection will
467  automatically select the optimal
468  secure gateway for the endpoint */
469  AutoServerSelectionImprovement, /**< During a reconnection attempt after
470  a system resume, this setting
471  specifies the minimum estimated
472  performance improvement required to
473  justify transitioning a user to a new server
474  This value represents percentage in 0..100 */
475  AutoServerSelectionSuspendTime, /**< During a reconnection attempt after
476  a system resume, this specifies the
477  minimum time a user must have been
478  suspended in order to justify a new
479  server selection calculation. Unit is hours */
480  AuthenticationTimeout, /**< Time, in seconds, that the client waits
481  for authentication to be completed.*/
482  SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly
483  the end user to enable SafeWord SofToken integration.
484  Options are Enabled (true) and Disabled (false - default). */
485  AllowIPsecOverSSL, /**< if 'true' then tunneling of IPSEC over SSL
486  is made possible with help from the ASA.
487  */
488  ClearSmartcardPin, /**< This preference controls whether the smartcard pin
489  will be cleared on a successful connection*/
490  IPProtocolSupport, /**< This preference controls which protocol(s) will be
491  allowed for the connection*/
492  CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal
493  remediation and specifies whether the user is allowed to
494  opt for an external browser for remediation, as opposed to
495  the AnyConnect browser. */
496  AllowManualHostInput, /**< This preference specifies whether the user
497  is allowed to type a new hostname in the VPN
498  edit box. */
499  BlockUntrustedServers, /**< This preference specifies whether the user wants
500  to allow for connections to secure gateways with
501  certificate errors. */
502  PublicProxyServerAddress, /**< This preference specifies the public proxy server
503  address to be used. This number is in the format
504  ServerAddr:ServerPort (ex. 101.89.85.444:8080)
505  or just the FQDN. */
506  CertificatePinning, /**< This preference specifies whether Certificate Pinning
507  check should be performed during server certificate
508  verification. */
509  UnknownPreference
510 };
511 
512 
513 /**
514  * Indicates the scope of the preferences contained in a PreferenceInfo object
515  */
516 #if defined(__midl)
517 [v1_enum] /*serialize as 32 bits*/
518 #endif
520 {
521  User, /**< Indicates that the preferences were set by a user */
522  Global, /**< Indicates that the preferences are global */
523  UserAndGlobal /**< Indicates that we have both user and global preferences */
524 };
525 
526 /**
527  * Indicates the client mode of operation. Unlike tunneling mode or other
528  * mutually exclusive modes, client operating modes are independent settings,
529  * several of which can be turned on simultaneously.
530  */
531 #if defined(__midl)
532 [v1_enum] /*serialize as 32 bits*/
533 #endif
535 {
536  FIPS = (1 << 0), /**< Indicates that the client is
537  running in FIPS mode. */
538  StartBeforeLogon = (1 << 1), /**< Indicates that the client is
539  running in Start Before Login
540  mode. */
541  GUI = (1 << 2), /**< Indicates that the client is
542  a GUI client. */
543  TrustedNetworkDetection = (1 << 3), /**< Indicates that a Trusted Network
544  Detection policy is enabled for
545  the client. */
546  AlwaysOnVpn = (1 << 4), /**< Indicates that the Always On
547  policy is enabled for the client. */
548  NetworkIssue = (1 << 5), /**< For user notifications only.
549  Indication by API to the UI that
550  there is a network condition. */
551  Quarantined = (1 << 6), /**< Indicates that the VPN session is being
552  Quarantined by the secure gateway. */
553  AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
554  is enabled. */
555  DisconnectAllowed = (1 << 8), /**< Indicates that the user is allowed
556  to disconnect the VPN based on
557  policy. */
558  VPNDisabled = (1 << 9), /**< Indicates that the VPN service is
559  to be marked as disabled. */
560  SCEPMode = (1 << 10), /**< Indicates that the client is
561  performing a SCEP cert enrollment. */
562  OnTrustedNetwork = (1 << 11), /**< Indicates that at last check, the
563  client detected that it was on
564  a trusted network. */
565  ManualHostInputAllowed = (1 << 12), /**< Indicates that the user is allowed
566  to add a new host by typing its name
567  in the VPN edit box. */
568  ErrorSuppressed = (1 << 13), /**< Indicates a connection error has
569  been returned fronm the agent, but
570  was suppressed to warning to
571  prevent popup dialog in the UI. */
572  StrictMode = (1 << 14), /**< Indicates that the client is
573  running in strict certificate trust mode. */
574  CLI = (1 << 15), /**< Indicates that the client is
575  a CLI client. */
576  Management = (1 << 16) /**< Indicates that the client is strictly
577  used for initiating a management tunnel. */
578 };
579 
580 /**
581  * Indicates the last error seen by the API in this connection attempt.
582  */
583 #if defined(__midl)
584 [v1_enum] /*serialize as 32 bits*/
585 #endif
587 {
588  VPNSuccess = 0, /**< No error has occurred. */
589  VPNError_Generic_FatalError = 1, /**< An error of unknown type has
590  occured */
591 
592  VPNError_Connection_Error = 100, /**< An unknown connection error has
593  occured, such as bad hostname, bad
594  group, etc. */
595  VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the
596  server address */
597 
598  VPNError_Network_Error = 200, /**< An unknown network error has
599  occured, such as DNS resolution
600  error, unable to open socket,
601  routing error, captive portal,
602  etc. */
603 
604  VPNError_Authentication_Error = 300, /**< An unknown user authenication
605  error has occured. */
606 
607  VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does
608  not meet policy requirements (DAP). */
609 
610  VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
611  certificate error has
612  occured. */
613  VPNError_ClientCertificate_Missing, /**< A client certificate is required
614  but no client certificate has been
615  found on the system. */
616  VPNError_ClientCertificate_Expired, /**< The client certificate has expired */
617  VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not
618  yet valid. */
619 
620  VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
621  occured when validating
622  the server certificate. */
623  VPNError_ServerCertificate_Expired, /**< The server certificate has
624  expired. */
625  VPNError_ServerCertificate_NotYetValid /**< The server certificate is not
626  yet valid. */
627 };
628 
630 {
631  CertAuth_Automatic, /**< Will try each available certificate in succession
632  until authentication is obtained or we run out of
633  available certificates */
634  CertAuth_Disabled, /**< Will disable Certificate Based Authentication */
635  CertAuth_Manual /**< Will only use preconfigured certificate to attempt
636  Certificate Based Authentication */
637 };
638 
639 enum CertificateType
640 {
641  CertificateType_Client,
642  CertificateType_SystemTrusted,
643  CertificateType_Server
644 };
645 
646 enum CertConfirmReason
647 {
648  CertConfirmReason_Unspecified,
649  CertConfirmReason_NameMismatch,
650  CertConfirmReason_Expired,
651  CertConfirmReason_NotValidYet,
652  CertConfirmReason_UntrustedSource,
653  CertConfirmReason_InvalidUse,
654  CertConfirmReason_Revoked,
655  CertConfirmReason_Malformed,
656  CertConfirmReason_NotFipsCompliant,
657  CertConfirmReason_InvalidateDate,
658  CertConfirmReason_SignatureAlgorithm,
659  CertConfirmReason_KeySize
660 };
661 
662 enum UserResponseError
663 {
664  UserResponseError_None,
665  UserResponseError_Unspecified,
666  UserResponseError_BadServerCert,
667  UserResponseError_SsoNavigation,
668  UserResponseError_SsoGettingCookie,
669  UserResponseError_SsoTimeout,
670  UserResponseError_SsoMissingDependency,
671  UserResponseError_SsoClientCertRequest,
672  UserResponseError_SsoAborted,
673 };
674 
675 #if defined(__midl)
676 [v1_enum] /*serialize as 32 bits*/
677 #endif
678 enum ClientType
679 {
680  ClientType_GUI,
681  ClientType_GUI_SBL,
682  ClientType_CLI,
683  ClientType_MGMT
684 };
685 
686 #endif // _APISTDHEADER_
VPNError_ClientCertificate_NotYetValid
@ VPNError_ClientCertificate_NotYetValid
Definition: api.h:617
CertificateStoreMac
@ CertificateStoreMac
Definition: api.h:297
ConnectFailurePolicy
@ ConnectFailurePolicy
Definition: api.h:397
REFRESHHOSTNAMES
@ REFRESHHOSTNAMES
Definition: api.h:195
Prompt_Hidden
@ Prompt_Hidden
Definition: api.h:265
SuspendOnConnectedStandby
@ SuspendOnConnectedStandby
Definition: api.h:328
VPNError_Connection_Error
@ VPNError_Connection_Error
Definition: api.h:592
WMHintReason
WMHintReason
Definition: api.h:210
AutoConnectOnStart
@ AutoConnectOnStart
Definition: api.h:311
MINIMIZE
@ MINIMIZE
Definition: api.h:192
MsgType_Warn
@ MsgType_Warn
Definition: api.h:112
CREDENTIALS
@ CREDENTIALS
Definition: api.h:238
CertificateStore
@ CertificateStore
Definition: api.h:293
MANUAL_PKCS12_IMPORT
@ MANUAL_PKCS12_IMPORT
Definition: api.h:242
VPNError_Network_Error
@ VPNError_Network_Error
Definition: api.h:598
DeviceLockPasswordComplexity
@ DeviceLockPasswordComplexity
Definition: api.h:463
MsgType_Ephemeral_Alert
@ MsgType_Ephemeral_Alert
Definition: api.h:118
DeviceLockMaximumTimeoutMinutes
@ DeviceLockMaximumTimeoutMinutes
Definition: api.h:449
AutoUpdate
@ AutoUpdate
Definition: api.h:335
ClearSmartcardPin
@ ClearSmartcardPin
Definition: api.h:488
FIPS
@ FIPS
Definition: api.h:536
ErrorSuppressed
@ ErrorSuppressed
Definition: api.h:568
EnablePostSBLOnConnectScript
@ EnablePostSBLOnConnectScript
Definition: api.h:427
DISCONNECT
@ DISCONNECT
Definition: api.h:219
VPNError_ServerCertificate_UnknownError
@ VPNError_ServerCertificate_UnknownError
Definition: api.h:620
WindowsVPNEstablishment
@ WindowsVPNEstablishment
Definition: api.h:347
PAUSING
@ PAUSING
Definition: api.h:156
EnableScripting
@ EnableScripting
Definition: api.h:420
MsgType_Alert
@ MsgType_Alert
Definition: api.h:111
GUI
@ GUI
Definition: api.h:541
PreferenceId
PreferenceId
Definition: api.h:284
SDITokenType
SDITokenType
Definition: api.h:132
DisableCaptivePortalDetection
@ DisableCaptivePortalDetection
Definition: api.h:319
VPNError_Generic_FatalError
@ VPNError_Generic_FatalError
Definition: api.h:589
AutoServerSelectionImprovement
@ AutoServerSelectionImprovement
Definition: api.h:469
AllowedHosts
@ AllowedHosts
Definition: api.h:418
DisconnectAllowed
@ DisconnectAllowed
Definition: api.h:555
Prompt_Header
@ Prompt_Header
Definition: api.h:263
TrustedNetworkPolicy
@ TrustedNetworkPolicy
Definition: api.h:375
Quarantined
@ Quarantined
Definition: api.h:551
Prompt_Banner
@ Prompt_Banner
Definition: api.h:261
PAUSED
@ PAUSED
Definition: api.h:157
AllowIPsecOverSSL
@ AllowIPsecOverSSL
Definition: api.h:485
AutomaticVPNPolicy
@ AutomaticVPNPolicy
Definition: api.h:372
SERVICESTOPPED
@ SERVICESTOPPED
Definition: api.h:220
DeviceLockRequired
@ DeviceLockRequired
Definition: api.h:442
UntrustedNetworkPolicy
@ UntrustedNetworkPolicy
Definition: api.h:378
CLOSECREDENTIALPOPUP
@ CLOSECREDENTIALPOPUP
Definition: api.h:198
MessageType
MessageType
Definition: api.h:109
CertAuthMode
CertAuthMode
Definition: api.h:630
Prompt_Input
@ Prompt_Input
Definition: api.h:258
CONNECT
@ CONNECT
Definition: api.h:222
DISCONNECTED
@ DISCONNECTED
Definition: api.h:147
SSOPOLLING
@ SSOPOLLING
Definition: api.h:158
AutomaticHeadendSelection
@ AutomaticHeadendSelection
Definition: api.h:553
MinimizeOnConnect
@ MinimizeOnConnect
Definition: api.h:314
VPNError_ClientCertificate_Missing
@ VPNError_ClientCertificate_Missing
Definition: api.h:613
WMHint
WMHint
Definition: api.h:191
PublicProxyServerAddress
@ PublicProxyServerAddress
Definition: api.h:502
VPNState
VPNState
Definition: api.h:145
MsgType_UrlError
@ MsgType_UrlError
Definition: api.h:115
DeviceLockMinimumPasswordLength
@ DeviceLockMinimumPasswordLength
Definition: api.h:454
UserAndGlobal
@ UserAndGlobal
Definition: api.h:523
Management
@ Management
Definition: api.h:576
AlwaysOnVpn
@ AlwaysOnVpn
Definition: api.h:546
ProxySettings
@ ProxySettings
Definition: api.h:357
CertAuth_Disabled
@ CertAuth_Disabled
Definition: api.h:634
CertificateStoreOverride
@ CertificateStoreOverride
Definition: api.h:289
WindowsLogonEnforcement
@ WindowsLogonEnforcement
Definition: api.h:343
CertAuth_Automatic
@ CertAuth_Automatic
Definition: api.h:631
VPNError_ClientCertificate_Expired
@ VPNError_ClientCertificate_Expired
Definition: api.h:616
AutomaticCertSelection
@ AutomaticCertSelection
Definition: api.h:431
MsgType_Announcement
@ MsgType_Announcement
Definition: api.h:116
MsgType_Info
@ MsgType_Info
Definition: api.h:113
REFRESHPREFS
@ REFRESHPREFS
Definition: api.h:196
Prompt_Password
@ Prompt_Password
Definition: api.h:259
PPPExclusionServerIP
@ PPPExclusionServerIP
Definition: api.h:367
VPNError
VPNError
Definition: api.h:587
SECONDGUISTART
@ SECONDGUISTART
Definition: api.h:211
CertAuth_Manual
@ CertAuth_Manual
Definition: api.h:635
BlockUntrustedServers
@ BlockUntrustedServers
Definition: api.h:499
Prompt_CheckBox
@ Prompt_CheckBox
Definition: api.h:267
VPNError_Authentication_DAP_Terminate
@ VPNError_Authentication_DAP_Terminate
Definition: api.h:607
PROXY
@ PROXY
Definition: api.h:240
DISCONNECTING
@ DISCONNECTING
Definition: api.h:149
TrustedNetworkDetection
@ TrustedNetworkDetection
Definition: api.h:543
VPNSubState
VPNSubState
Definition: api.h:169
PROXYREQUEST
@ PROXYREQUEST
Definition: api.h:215
SERVICEFAILURE
@ SERVICEFAILURE
Definition: api.h:217
AllowVPNDisconnect
@ AllowVPNDisconnect
Definition: api.h:416
EnableAutomaticServerSelection
@ EnableAutomaticServerSelection
Definition: api.h:466
VPNError_Authentication_Error
@ VPNError_Authentication_Error
Definition: api.h:604
CLI
@ CLI
Definition: api.h:574
ApplyLastVPNLocalResourceRules
@ ApplyLastVPNLocalResourceRules
Definition: api.h:411
SINGLESIGNON
@ SINGLESIGNON
Definition: api.h:246
OperatingMode
OperatingMode
Definition: api.h:535
StrictMode
@ StrictMode
Definition: api.h:572
UseStartBeforeLogon
@ UseStartBeforeLogon
Definition: api.h:331
TrustedDNSServers
@ TrustedDNSServers
Definition: api.h:387
RSASecurIDIntegration
@ RSASecurIDIntegration
Definition: api.h:338
ConnectPromptType
ConnectPromptType
Definition: api.h:234
AllowCaptivePortalRemediation
@ AllowCaptivePortalRemediation
Definition: api.h:402
ManualHostInputAllowed
@ ManualHostInputAllowed
Definition: api.h:565
Prompt_Combo
@ Prompt_Combo
Definition: api.h:262
CONNECTED
@ CONNECTED
Definition: api.h:146
SINGLELOGOUT
@ SINGLELOGOUT
Definition: api.h:247
OPEN
@ OPEN
Definition: api.h:193
SHOWCONNECTING
@ SHOWCONNECTING
Definition: api.h:197
SafeWordSofTokenIntegration
@ SafeWordSofTokenIntegration
Definition: api.h:482
VPNError_ServerCertificate_Expired
@ VPNError_ServerCertificate_Expired
Definition: api.h:623
VPNSuccess
@ VPNSuccess
Definition: api.h:588
VPNError_ClientCertificate_UnknownError
@ VPNError_ClientCertificate_UnknownError
Definition: api.h:610
MsgType_Error
@ MsgType_Error
Definition: api.h:110
User
@ User
Definition: api.h:521
VPNError_Connection_InvalidGroupURL
@ VPNError_Connection_InvalidGroupURL
Definition: api.h:595
PPPExclusion
@ PPPExclusion
Definition: api.h:362
AllowManualHostInput
@ AllowManualHostInput
Definition: api.h:496
STATUS
@ STATUS
Definition: api.h:244
TerminateScriptOnNextEvent
@ TerminateScriptOnNextEvent
Definition: api.h:423
UserEnforcement
@ UserEnforcement
Definition: api.h:439
QUIT
@ QUIT
Definition: api.h:194
CERTIFICATE
@ CERTIFICATE
Definition: api.h:235
AllowLocalProxyConnections
@ AllowLocalProxyConnections
Definition: api.h:359
AutoReconnect
@ AutoReconnect
Definition: api.h:321
AuthenticationTimeout
@ AuthenticationTimeout
Definition: api.h:480
LinuxVPNEstablishment
@ LinuxVPNEstablishment
Definition: api.h:354
VPNError_ServerCertificate_NotYetValid
@ VPNError_ServerCertificate_NotYetValid
Definition: api.h:625
LocalLanAccess
@ LocalLanAccess
Definition: api.h:317
RetainVpnOnLogoff
@ RetainVpnOnLogoff
Definition: api.h:436
IPProtocolSupport
@ IPProtocolSupport
Definition: api.h:490
CertificateStoreLinux
@ CertificateStoreLinux
Definition: api.h:301
StartBeforeLogon
@ StartBeforeLogon
Definition: api.h:538
AutoReconnectBehavior
@ AutoReconnectBehavior
Definition: api.h:324
ShowPreConnectMessage
@ ShowPreConnectMessage
Definition: api.h:305
OnTrustedNetwork
@ OnTrustedNetwork
Definition: api.h:562
NetworkIssue
@ NetworkIssue
Definition: api.h:548
LEGACY_SINGLESIGNON
@ LEGACY_SINGLESIGNON
Definition: api.h:248
CONNECTING
@ CONNECTING
Definition: api.h:148
AlwaysOn
@ AlwaysOn
Definition: api.h:395
RECONNECTING
@ RECONNECTING
Definition: api.h:150
CaptivePortalRemediationTimeout
@ CaptivePortalRemediationTimeout
Definition: api.h:407
Prompt_SSO
@ Prompt_SSO
Definition: api.h:268
LinuxLogonEnforcement
@ LinuxLogonEnforcement
Definition: api.h:350
TrustedDNSDomains
@ TrustedDNSDomains
Definition: api.h:384
SCEPMode
@ SCEPMode
Definition: api.h:560
CaptivePortalRemediationBrowserFailover
@ CaptivePortalRemediationBrowserFailover
Definition: api.h:492
AutoServerSelectionSuspendTime
@ AutoServerSelectionSuspendTime
Definition: api.h:475
CertificatePinning
@ CertificatePinning
Definition: api.h:506
DisableUntrustedInterfaces
@ DisableUntrustedInterfaces
Definition: api.h:392
VPNDisabled
@ VPNDisabled
Definition: api.h:558
PreferenceScope
PreferenceScope
Definition: api.h:520
MsgType_Status
@ MsgType_Status
Definition: api.h:114
BypassConnectUponSessionTimeout
@ BypassConnectUponSessionTimeout
Definition: api.h:381
Global
@ Global
Definition: api.h:522
ServiceDisable
@ ServiceDisable
Definition: api.h:285
PromptType
PromptType
Definition: api.h:258
TrustedHttpsServerList
@ TrustedHttpsServerList
Definition: api.h:390