AnyConnect Secure Mobility Client  4.10.08029
api.h
Go to the documentation of this file.
1 /**************************************************************************
2 * Copyright (c) 2008, 2022-2023 Cisco Systems, Inc.
3 * All Rights Reserved. Cisco Highly Confidential.
4 ***************************************************************************
5 *
6 * File: api.h
7 * Date: 01/2008
8 *
9 ***************************************************************************
10 * VPN GUI API module interface types
11 ***************************************************************************/
12 #ifndef _APISTDHEADER_
13 #define _APISTDHEADER_
14 
15 /**
16  * @file
17  * This file contains some basic compiler definitions as well as common enums.
18  */
19 
20 //Not compatible with MIDL
21 #if !defined(__midl)
22 #ifdef _WIN32
23  #pragma warning(disable:4251 4786)
24 
25  #ifndef UNICODE
26  #define UNICODE
27  #endif // UNICODE
28 
29  #ifndef _UNICODE
30  #define _UNICODE
31  #endif // _UNICODE
32 
33  #ifndef tstring
34 /** std::wstring */
35  #define tstring std::wstring /**< my wstring description */
36  #endif // tstring
37 
38 #else // non-windows
39 
40  #ifndef tstring
41  #define tstring std::string
42  #endif // tstring
43 
44 #endif // _WIN32
45 
46 #ifdef _UNICODE
47  #define tostream std::wostream
48 #else
49  #define tostream std::ostream
50 #endif /* UNICODE */
51 
52 
53 //used when including implementation files directly in an EXE.
54 #ifdef _NOEXPORTDLL
55  #define VPN_VPNAPI
56 #else
57  #ifdef _WIN32
58  #ifdef VPN_APIEXPORTS //api
59  #define VPN_VPNAPI __declspec(dllexport)
60  #else
61  #define VPN_VPNAPI __declspec(dllimport)
62  #endif
63  #else
64  #ifdef VPN_APIEXPORTS
65  #define VPN_VPNAPI __attribute__((visibility("default")))
66  #else
67  #define VPN_VPNAPI
68  #endif
69  #endif //_WIN32
70 #endif //NOEXPORTDLL
71 
72 #ifndef OUT
73 #define OUT
74 #endif
75 
76 #ifdef __cplusplus //only include if C++ is being used,
77  //C code also includes api.h for COM proxy of enumerators.
78 #include <string>
79 #include <map>
80 #include <list>
81 
82 typedef std::map<tstring, tstring> ApiStringMap;
83 typedef std::map<tstring, std::list<tstring> > ApiStringListMap;
84 
85 #endif //__cplusplus
86 #endif //#if !defined(__midl)
87 
88 
89 /***** PUT ONLY SHARED ENUMS EXPOSED TO USERS OF API FROM THIS POINT UNTIL END *****\
90 ********* make sure to add the [v1_enum] inside a __midl define to new enums ********
91 \******************** This is also compiled with IDL compiler **********************/
92 
93 #include "GlobalEnums.h"
94 /**
95  * MessageType
96  * presents a level of severity associated with messages that are
97  * sent to the API. The severity can be useful for deciding how a message is
98  * to be shown. A UI might decide based on type to show a message as
99  * a modal dialog versus a message written to the status area for an existing UI.
100  */
101 #if defined(__midl)
102 [v1_enum] /*serialize as 32 bits*/
103 #endif
105 {
106  MsgType_Error, /**< Issue usually requiring user to acknowledge */
107  MsgType_Alert, /**< Warning message that needs to be shown to user. */
108  MsgType_Warn, /**< Less severe, not required to be shown to user */
109  MsgType_Info, /**< General message providing status, progress, etc. */
110  MsgType_Status, /**< Can be used to indicate unexpected tunnel status change. */
111  MsgType_UrlError /**< Error message that provides additional information by opening browser. */
112 };
113 
114 
115 /**
116  * Identifies the type of token that was used successfully when SDI
117  * Authentication is in use.
118  */
119 #if defined(__midl)
120 [v1_enum] /*serialize as 32 bits*/
121 #endif
123 {
124  SDITT_NONE,
125  SDITT_HARDWARE,
126  SDITT_SOFTWARE
127 };
128 
129 /**
130  * Provides the current state of the VPN tunnel.
131  */
132 #if defined(__midl)
133 [v1_enum] /*serialize as 32 bits*/
134 #endif
136 {
137  CONNECTED = STATE_CONNECTED, /**< VPN is active */
138  DISCONNECTED = STATE_DISCONNECTED, /**< VPN is inactive */
139  CONNECTING = STATE_CONNECTING, /**< VPN is being established */
140  DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */
141  RECONNECTING = STATE_RECONNECTING, /**< VPN is being re-connected. This state
142  can occur due to network or other
143  temporary problems. The state
144  indicates that the VPN is temporarily
145  unavailable and indicates the
146  connection is being re-established. */
147  PAUSING = STATE_PAUSING, /**< VPN is being paused. */
148  PAUSED = STATE_PAUSED, /**< VPN is paused. */
149  SSOPOLLING = STATE_SSOPOLLING, /**< API is doing auth-poll, VPN is disconnected. */
150  UNKNOWN = ~0
151 };
152 
153 /**
154  * Provides the current sub-state of the VPN tunnel.
155  */
156 #if defined(__midl)
157 [v1_enum] /*serialize as 32 bits*/
158 #endif
160 {
161  VPNSS_NORMAL = VCSS_NORMAL,
162  VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY,
163  VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING,
164  VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED,
165  VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW,
166  VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
167  VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
168  VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
169  VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
170  VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING,
171  VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING
172 };
173 
174 /**
175  * WMHint
176  * provides a hint for the GUI to either minimize or un-minimize.
177  */
178 #if defined(__midl)
179 [v1_enum] /*serialize as 32 bits*/
180 #endif
181 enum WMHint
182 {
183  MINIMIZE, /**< hint to minimize GUI */
184  OPEN, /**< hint to un-minimize GUI */
185  QUIT, /**< hint that GUI should close. @see WMHintReason */
186  REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
187  REFRESHPREFS, /**< hint to refresh the preferences */
188  SHOWCONNECTING, /**< hint to display "connecting" status */
189  CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */
190 };
191 
192 
193 /**
194  * WMHintReason
195  * provides a reason indicator for the #WMHint
196  */
197 #if defined(__midl)
198 [v1_enum] /*serialize as 32 bits*/
199 #endif
201 {
202  SECONDGUISTART, /**< Indicates a second GUI has been launched. This
203  indicator is used to suggest that the GUI
204  already running be OPENed and that the first one
205  should exit. */
206  PROXYREQUEST, /**< Proxy credential request can be for web-launch or
207  standalone-initiated connections. */
208  SERVICEFAILURE, /**< This tag is used when the VPN service
209  is no longer available. */
210  DISCONNECT, /**< Any disconnect notices should be seen by the user. */
211  SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
212  has been stopped. */
213  CONNECT, /**< Tag indicating an action to be taken due to connect,
214  for example a request to minimize the UI. */
215  REASONUNKNOWN /**< */
216 };
217 
218 /**
219  * provides an indication of the type of credential data being requested.
220  */
221 #if defined(__midl)
222 [v1_enum] /*serialize as 32 bits*/
223 #endif
225 {
226  CERTIFICATE, /**< Indicates a certificate-only type of connection and
227  would not normally be sent to client unless a
228  post-authentication banner is to be displayed. */
229  CREDENTIALS, /**< Indicates that the user is to be prompted for authentication
230  credentials */
231  PROXY, /**< Indicates that the user is to be prompted for
232  proxy-authentication credentials */
233  MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related
234  to PKCS12 import*/
235  STATUS, /**< Indicates that status messages are to be displayed to
236  the user*/
237  SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */
238  SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */
239  LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */
240 };
241 
242 
243 /**
244  * Indicates the prompt or credential type.
245  */
246 #if defined(__midl)
247 [v1_enum] /*serialize as 32 bits*/
248 #endif
249 enum PromptType { Prompt_Input, /**< label and value. */
250  Prompt_Password, /**< label and value, indicates user
251  response should be masked. */
252  Prompt_Banner, /**< value (the banner) with no label set. */
253  Prompt_Combo, /**< list with choices options. */
254  Prompt_Header, /**< label intended as header and with
255  value. */
256  Prompt_Hidden, /**< hidden value, should be ignored and
257  left unchanged in response. */
258  Prompt_CheckBox, /**< label and value (contrained to true or false) */
259  Prompt_SSO /**< single sign-on authentication token prompt */
260 };
261 
262 #if defined(__midl)
263 [v1_enum] /*serialize as 32 bits*/
264 #endif
265 
266 /*
267  * ***************** !!! ATTENTION !!! ***********************************
268  * *
269  * * When updating this preference enum, you must ensure that the enum in
270  * * vpn/Api/jni/java/Preference.java is also updated.
271  * *
272  * ***************** !!! ATTENTION !!! ***********************************
273  */
275 {
276  ServiceDisable, /**< This preference disable the VPN service.
277  If more than one profile exists and any one
278  profile has VPN enabled, then it will be
279  enabled. False is the default. */
280  CertificateStoreOverride,/**< This preference will trigger an alternate
281  authentication sequence in the API. The
282  preference is only settable by an
283  administrator. */
284  CertificateStore, /**< This preference indicates which Windows certificate
285  store AnyConnect should look in for client certificates.
286  The options are All, Machine and User with a default of All.
287  The preference is only settable by an administrator. */
288  CertificateStoreMac, /**< This preference indicates which macOS keychain
289  AnyConnect should look in for client certificates.
290  The options are All, System and Login with a default of All.
291  The preference is only settable by an administrator. */
292  CertificateStoreLinux, /**< This preference indicates which Linux certificate
293  store AnyConnect should look in for client certificates.
294  The options are All, Machine and User with a default of All.
295  The preference is only settable by an administrator. */
296  ShowPreConnectMessage, /**< The ShowPreConnectMessage preference gives the
297  administrator the ability to display an AnyConnect
298  startup banner message. The message will appear
299  only once per AnyConnect program start. The
300  preference is only settable by an
301  administrator. */
302  AutoConnectOnStart, /**< This preference allows the user to select
303  whether to establish a connection automatically
304  on startup or not. */
305  MinimizeOnConnect, /**< This preference allows the user to select if
306  the GUI should minimize when the connection is
307  established */
308  LocalLanAccess, /**< This preference will provide a mechanism where
309  the user can disable access to their Local LAN. */
310  DisableCaptivePortalDetection, /**<This preference will provide a mechanism where
311  the user can disable captive portal detection.*/
312  AutoReconnect, /**< First control of the reconnect behavior. If the
313  client becomes disconnected for any reason, a
314  reconnect attempt is made. */
315  AutoReconnectBehavior, /**< Second control of the reconnect behavior. When
316  coming out of suspend/hibernate/standby mode.
317  Options are disconnect on suspend and reconnect
318  after suspend. */
319  SuspendOnConnectedStandby, /**< This setting allows to control whether the VPN tunnel
320  is suspended when the system enters the Connected Standby
321  mode. It applies only to Windows 8 and above. */
322  UseStartBeforeLogon, /**< This preference allows an administrator to
323  control the use of the Start Before Logon
324  feature. The preference can be set to true (on)
325  or false (off). */
326  AutoUpdate, /**< Once the Downloader has loaded the profile, it
327  can check the AutoUpdate preference to see if
328  updates are either disabled or enabled */
329  RSASecurIDIntegration, /**< This preference will enable the administrator
330  and possibly end user to select the preferred
331  method of managing their SDI PIN and PASSCODE
332  interactions. Options are Automatic (default),
333  SoftwareTokens and HardwareTokens. */
334  WindowsLogonEnforcement,/**< This preference allows an administrator to
335  control if more than one user may be logged into
336  the client PC during the VPN connection (Windows
337  only). */
338  WindowsVPNEstablishment,/**< This preference allows an administrator to
339  control whether or not remote users may initiate
340  a VPN connection (Windows only). */
341  LinuxLogonEnforcement, /**< This preference allows an administrator to
342  control if more than one user may be logged into
343  the client PC during the VPN connection (Linux
344  only). */
345  LinuxVPNEstablishment, /**< This preference allows an administrator to
346  control whether or not remote users may initiate
347  a VPN connection (Linux only). */
348  ProxySettings, /**< This preference allows an administrator to
349  control how user's proxy setups are handled.*/
350  AllowLocalProxyConnections, /**< This preference allows the administrator to control
351  whether to allow establishing a connection through
352  a local proxy. */
353  PPPExclusion, /**< This preference allows an administrator to control
354  the policy used to exclude routes to
355  PPP servers when connecting over L2TP or PPTP.
356  Options are Automatic (default), Disable,
357  and Override. */
358  PPPExclusionServerIP, /**< When PPPExclusion is set to Manual,
359  the value of this preference allows an
360  end user to specify the address of a
361  PPP server that should be excluded
362  from tunnel traffic. */
363  AutomaticVPNPolicy, /**< This preference allows an administrator to
364  define a policy to automatically manage when a
365  VPN connection should be started or stopped. */
366  TrustedNetworkPolicy, /**< This preference allows an administrator to
367  define a policy for users in trusted networks.
368  The options are: Disconnect or DoNothing. */
369  UntrustedNetworkPolicy, /**< This preference allows an administrator to
370  define a policy for users in untrusted networks.
371  The options are: Connect or DoNothing. */
372  BypassConnectUponSessionTimeout, /**< This preference allows an administrator
373  the ability to instruct the client to bypass the
374  automatic connection retry after a VPN session timeout. */
375  TrustedDNSDomains, /**< This preference defines a list of comma
376  separated DNS suffixes that a network interface
377  in a trusted network might have. */
378  TrustedDNSServers, /**< This preference defines a list of comma
379  separated DNS servers that a network interface
380  in a trusted network might have. */
381  TrustedHttpsServerList, /**< This preference defines a list of comma separated
382  https servers reachable only via a trusted network.*/
383  AlwaysOn, /**< This preference governs VPN reestablishment after
384  interruptions */
385  ConnectFailurePolicy, /**< This preference gives the network administrator
386  the ability to dictate the network access allowed
387  by the client endpoint device following a VPN
388  connection establishment failure. It is a component
389  of AlwaysOn */
390  AllowCaptivePortalRemediation, /**< This preference gives the network administrator
391  the ability to dictate the network access
392  allowed by the client endpoint device following
393  a VPN connection establishment failure it is a
394  component of AlwaysOn */
395  CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
396  the ability to impose a time limit for captive portal
397  remediation when the ConnectFailurePolicy value is Closed
398  It is a component of AlwaysOn */
399  ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
400  the ability to allow split routes and firewall rules
401  to be applied following a VPN connection establishment
402  failure when the ConnectFailurePolicy value is Closed
403  It is a component of AlwaysOn */
404  AllowVPNDisconnect, /**< During Always On, this specifies that the user is allowed to
405  disconnect the VPN session. */
406  AllowedHosts, /**< During Always On, user has access to the specified hosts
407  when VPN is disconnected. */
408  EnableScripting, /**< This preference allows an administrator to
409  enable scripting (on connect or on
410  disconnect). */
411  TerminateScriptOnNextEvent, /**< This preference dictates whether or not
412  AnyConnect will terminate a running script
413  process if a transition to another
414  scriptable event occurs. */
415  EnablePostSBLOnConnectScript, /**< This preference is used to control whether
416  or not the OnConnect script will be launched
417  from the desktop GUI when a tunnel has been
418  established via SBL. */
419  AutomaticCertSelection, /**< This preference dictates whether or not to disable
420  the default automatic certificate selection for user
421  certificates. If disabled, a certificate selection dialog is
422  displayed. This only applies if the GUI is enabled
423  and not SBL. This only applies to Windows (not WinMobile). */
424  RetainVpnOnLogoff, /**< First control of the logoff behavior. This preference allows
425  an administrator to control if the VPN is terminated or retained
426  after user logs off.*/
427  UserEnforcement, /**< Second control of the logoff behavior. When the VPN connection has
428  been retained after user logged off. Controls what user can log in
429  and keep the VPN connection. Options are same user only and any user. */
430  DeviceLockRequired, /**< This preference indicates whether or not
431  a Windows Mobile device must be configured
432  with a password or PIN prior to establishing
433  a VPN connection. This configuration is
434  only valid on Windows Mobile devices that
435  use the Microsoft Default Local
436  Authentication Provider (LAP). */
437  DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number,
438  this preference specifies the maximum
439  number of minutes a device can be
440  inactive before device lock takes
441  into effect. (WM5/WM5AKU2+) */
442  DeviceLockMinimumPasswordLength, /**< When set to a non-negative number,
443  this preference specifies that any
444  PIN/password used for device lock
445  must be equal to or longer than
446  the specified value, in characters.
447  This setting must be pushed down to
448  the mobile device by syncing with
449  an Exchange server before it can be
450  enforced. (WM5AKU2+) */
451  DeviceLockPasswordComplexity, /**< This preference checks whether or
452  not the password belongs to one of
453  three subtypes: alpha, pin, strong */
454  EnableAutomaticServerSelection, /**< Automatic server selection will
455  automatically select the optimal
456  secure gateway for the endpoint */
457  AutoServerSelectionImprovement, /**< During a reconnection attempt after
458  a system resume, this setting
459  specifies the minimum estimated
460  performance improvement required to
461  justify transitioning a user to a new server
462  This value represents percentage in 0..100 */
463  AutoServerSelectionSuspendTime, /**< During a reconnection attempt after
464  a system resume, this specifies the
465  minimum time a user must have been
466  suspended in order to justify a new
467  server selection calculation. Unit is hours */
468  AuthenticationTimeout, /**< Time, in seconds, that the client waits
469  for authentication to be completed.*/
470  SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly
471  the end user to enable SafeWord SofToken integration.
472  Options are Enabled (true) and Disabled (false - default). */
473  AllowIPsecOverSSL, /**< if 'true' then tunneling of IPSEC over SSL
474  is made possible with help from the ASA.
475  */
476  ClearSmartcardPin, /**< This preference controls whether the smartcard pin
477  will be cleared on a successful connection*/
478  IPProtocolSupport, /**< This preference controls which protocol(s) will be
479  allowed for the connection*/
480  CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal
481  remediation and specifies whether the user is allowed to
482  opt for an external browser for remediation, as opposed to
483  the AnyConnect browser. */
484  AllowManualHostInput, /**< This preference specifies whether the user
485  is allowed to type a new hostname in the VPN
486  edit box. */
487  BlockUntrustedServers, /**< This preference specifies whether the user wants
488  to allow for connections to secure gateways with
489  certificate errors. */
490  PublicProxyServerAddress, /**< This preference specifies the public proxy server
491  address to be used. This number is in the format
492  ServerAddr:ServerPort (ex. 101.89.85.444:8080)
493  or just the FQDN. */
494  CertificatePinning, /**< This preference specifies whether Certificate Pinning
495  check should be performed during server certificate
496  verification. */
497  UnknownPreference
498 };
499 
500 
501 /**
502  * Indicates the scope of the preferences contained in a PreferenceInfo object
503  */
504 #if defined(__midl)
505 [v1_enum] /*serialize as 32 bits*/
506 #endif
508 {
509  User, /**< Indicates that the preferences were set by a user */
510  Global, /**< Indicates that the preferences are global */
511  UserAndGlobal /**< Indicates that we have both user and global preferences */
512 };
513 
514 /**
515  * Indicates the client mode of operation. Unlike tunneling mode or other
516  * mutually exclusive modes, client operating modes are independent settings,
517  * several of which can be turned on simultaneously.
518  */
519 #if defined(__midl)
520 [v1_enum] /*serialize as 32 bits*/
521 #endif
523 {
524  FIPS = (1 << 0), /**< Indicates that the client is
525  running in FIPS mode. */
526  StartBeforeLogon = (1 << 1), /**< Indicates that the client is
527  running in Start Before Login
528  mode. */
529  GUI = (1 << 2), /**< Indicates that the client is
530  a GUI client. */
531  TrustedNetworkDetection = (1 << 3), /**< Indicates that a Trusted Network
532  Detection policy is enabled for
533  the client. */
534  AlwaysOnVpn = (1 << 4), /**< Indicates that the Always On
535  policy is enabled for the client. */
536  NetworkIssue = (1 << 5), /**< For user notifications only.
537  Indication by API to the UI that
538  there is a network condition. */
539  Quarantined = (1 << 6), /**< Indicates that the VPN session is being
540  Quarantined by the secure gateway. */
541  AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
542  is enabled. */
543  DisconnectAllowed = (1 << 8), /**< Indicates that the user is allowed
544  to disconnect the VPN based on
545  policy. */
546  VPNDisabled = (1 << 9), /**< Indicates that the VPN service is
547  to be marked as disabled. */
548  SCEPMode = (1 << 10), /**< Indicates that the client is
549  performing a SCEP cert enrollment. */
550  OnTrustedNetwork = (1 << 11), /**< Indicates that at last check, the
551  client detected that it was on
552  a trusted network. */
553  ManualHostInputAllowed = (1 << 12), /**< Indicates that the user is allowed
554  to add a new host by typing its name
555  in the VPN edit box. */
556  ErrorSuppressed = (1 << 13), /**< Indicates a connection error has
557  been returned fronm the agent, but
558  was suppressed to warning to
559  prevent popup dialog in the UI. */
560  StrictMode = (1 << 14), /**< Indicates that the client is
561  running in strict certificate trust mode. */
562  CLI = (1 << 15), /**< Indicates that the client is
563  a CLI client. */
564  Management = (1 << 16) /**< Indicates that the client is strictly
565  used for initiating a management tunnel. */
566 };
567 
568 /**
569  * Indicates the last error seen by the API in this connection attempt.
570  */
571 #if defined(__midl)
572 [v1_enum] /*serialize as 32 bits*/
573 #endif
575 {
576  VPNSuccess = 0, /**< No error has occurred. */
577  VPNError_Generic_FatalError = 1, /**< An error of unknown type has
578  occured */
579 
580  VPNError_Connection_Error = 100, /**< An unknown connection error has
581  occured, such as bad hostname, bad
582  group, etc. */
583  VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the
584  server address */
585 
586  VPNError_Network_Error = 200, /**< An unknown network error has
587  occured, such as DNS resolution
588  error, unable to open socket,
589  routing error, captive portal,
590  etc. */
591 
592  VPNError_Authentication_Error = 300, /**< An unknown user authenication
593  error has occured. */
594 
595  VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does
596  not meet policy requirements (DAP). */
597 
598  VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
599  certificate error has
600  occured. */
601  VPNError_ClientCertificate_Missing, /**< A client certificate is required
602  but no client certificate has been
603  found on the system. */
604  VPNError_ClientCertificate_Expired, /**< The client certificate has expired */
605  VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not
606  yet valid. */
607 
608  VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
609  occured when validating
610  the server certificate. */
611  VPNError_ServerCertificate_Expired, /**< The server certificate has
612  expired. */
613  VPNError_ServerCertificate_NotYetValid /**< The server certificate is not
614  yet valid. */
615 };
616 
618 {
619  CertAuth_Automatic, /**< Will try each available certificate in succession
620  until authentication is obtained or we run out of
621  available certificates */
622  CertAuth_Disabled, /**< Will disable Certificate Based Authentication */
623  CertAuth_Manual /**< Will only use preconfigured certificate to attempt
624  Certificate Based Authentication */
625 };
626 
627 enum CertificateType
628 {
629  CertificateType_Client,
630  CertificateType_SystemTrusted,
631  CertificateType_Server
632 };
633 
634 enum CertConfirmReason
635 {
636  CertConfirmReason_Unspecified,
637  CertConfirmReason_NameMismatch,
638  CertConfirmReason_Expired,
639  CertConfirmReason_NotValidYet,
640  CertConfirmReason_UntrustedSource,
641  CertConfirmReason_InvalidUse,
642  CertConfirmReason_Revoked,
643  CertConfirmReason_Malformed,
644  CertConfirmReason_NotFipsCompliant,
645  CertConfirmReason_InvalidateDate,
646  CertConfirmReason_SignatureAlgorithm,
647  CertConfirmReason_KeySize
648 };
649 
650 enum UserResponseError
651 {
652  UserResponseError_None,
653  UserResponseError_Unspecified,
654  UserResponseError_BadServerCert,
655  UserResponseError_SsoNavigation,
656  UserResponseError_SsoGettingCookie,
657  UserResponseError_SsoTimeout,
658  UserResponseError_SsoMissingDependency,
659  UserResponseError_SsoClientCertRequest,
660  UserResponseError_SsoAborted,
661 };
662 
663 #if defined(__midl)
664 [v1_enum] /*serialize as 32 bits*/
665 #endif
666 enum ClientType
667 {
668  ClientType_GUI,
669  ClientType_GUI_SBL,
670  ClientType_CLI,
671  ClientType_MGMT
672 };
673 
674 #endif // _APISTDHEADER_
Definition: api.h:208
Definition: api.h:408
Definition: api.h:484
Definition: api.h:280
Definition: api.h:109
ConnectPromptType
Definition: api.h:224
Definition: api.h:550
Definition: api.h:390
Definition: api.h:424
Definition: api.h:378
Definition: api.h:411
Definition: api.h:548
Definition: api.h:188
Definition: api.h:526
Definition: api.h:238
Definition: api.h:592
Definition: api.h:487
Definition: api.h:494
Definition: api.h:315
Definition: api.h:305
Definition: api.h:111
Definition: api.h:211
Definition: api.h:249
WMHintReason
Definition: api.h:200
Definition: api.h:363
Definition: api.h:419
Definition: api.h:427
Definition: api.h:358
Definition: api.h:576
Definition: api.h:253
Definition: api.h:137
Definition: api.h:183
Definition: api.h:536
Definition: api.h:250
Definition: api.h:622
Definition: api.h:302
Definition: api.h:562
VPNState
Definition: api.h:135
Definition: api.h:140
Definition: api.h:404
Definition: api.h:560
Definition: api.h:296
Definition: api.h:276
Definition: api.h:375
Definition: api.h:308
Definition: api.h:341
Definition: api.h:139
Definition: api.h:259
Definition: api.h:184
Definition: api.h:141
Definition: api.h:556
Definition: api.h:509
WMHint
Definition: api.h:181
Definition: api.h:185
Definition: api.h:437
Definition: api.h:577
Definition: api.h:553
Definition: api.h:510
Definition: api.h:147
Definition: api.h:366
MessageType
Definition: api.h:104
Definition: api.h:237
Definition: api.h:350
Definition: api.h:372
Definition: api.h:239
Definition: api.h:186
Definition: api.h:329
Definition: api.h:226
SDITokenType
Definition: api.h:122
Definition: api.h:106
Definition: api.h:468
Definition: api.h:430
Definition: api.h:312
Definition: api.h:564
Definition: api.h:586
Definition: api.h:229
Definition: api.h:292
Definition: api.h:478
Definition: api.h:529
OperatingMode
Definition: api.h:522
Definition: api.h:213
Definition: api.h:107
Definition: api.h:470
Definition: api.h:490
PreferenceScope
Definition: api.h:507
Definition: api.h:369
Definition: api.h:541
Definition: api.h:381
Definition: api.h:539
Definition: api.h:108
Definition: api.h:338
VPNSubState
Definition: api.h:159
PreferenceId
Definition: api.h:274
Definition: api.h:476
Definition: api.h:233
Definition: api.h:395
Definition: api.h:284
Definition: api.h:473
Definition: api.h:254
Definition: api.h:383
Definition: api.h:326
Definition: api.h:463
Definition: api.h:531
Definition: api.h:288
VPNError
Definition: api.h:574
Definition: api.h:442
CertAuthMode
Definition: api.h:617
Definition: api.h:454
Definition: api.h:546
Definition: api.h:310
Definition: api.h:252
Definition: api.h:534
Definition: api.h:511
Definition: api.h:110
Definition: api.h:319
Definition: api.h:138
Definition: api.h:187
Definition: api.h:399
Definition: api.h:231
Definition: api.h:189
Definition: api.h:348
Definition: api.h:334
Definition: api.h:322
Definition: api.h:406
PromptType
Definition: api.h:249
Definition: api.h:451
Definition: api.h:580
Definition: api.h:385
Definition: api.h:202
Definition: api.h:256
Definition: api.h:524
Definition: api.h:258
Definition: api.h:619
Definition: api.h:149
Definition: api.h:345
Definition: api.h:206
Definition: api.h:457
Definition: api.h:415
Definition: api.h:235
Definition: api.h:543
Definition: api.h:353
Definition: api.h:623
Definition: api.h:210
Definition: api.h:148