 |
AnyConnect Secure Mobility Client 4.10.00093
|
|
AnyConnect Secure Mobility Client 4.10.00093
|
00001 /************************************************************************** 00002 * Copyright (c) 2006, Cisco Systems, All Rights Reserved 00003 *************************************************************************** 00004 * 00005 * File: ClientIfc.h 00006 * Date: 11/2006 00007 * 00008 *************************************************************************** 00009 * 00010 * Client Interface class implementation for the Client API. 00011 * 00012 ***************************************************************************/ 00013 00014 #ifndef _CLIENTIFC_ 00015 #define _CLIENTIFC_ 00016 00017 00018 /** 00019 * This is the main interface class for applications that implement the 00020 * Cisco AnyConnect Secure Mobility VPN API. A program wishing to use the API must create a 00021 * class that extends the ClientIfc class. This new class is required to 00022 * provide implementations for the pure virtual methods found in the protected 00023 * section (for example, StatsCB). 00024 * 00025 * Finally, the public section contains methods that are available for 00026 * managing the API. These include methods like attach and connect. 00027 * 00028 * A client must implement the CB (abstract) methods found in the protected 00029 * section of this interface. 00030 * 00031 */ 00032 00033 00034 00035 #include "api.h" 00036 #include "ClientIfcBase.h" 00037 #include "VPNStats.h" 00038 #include "ConnectPromptInfo.h" 00039 #include "Preference.h" 00040 #include "PreferenceInfo.h" 00041 00042 class VPN_VPNAPI ClientIfc : protected ClientIfcBase 00043 { 00044 protected: 00045 00046 /** 00047 * Callback used to deliver new statistics related to the VPN 00048 * connection. 00049 * 00050 * When a connection is active, a new set of statistics is 00051 * delivered each second. 00052 * 00053 * @see resetStats(), stopStats() and startStats() 00054 * 00055 */ 00056 virtual void StatsCB(VPNStats &stats) = 0; 00057 00058 00059 /** 00060 * Callback used to deliver VPN state and state change string. 00061 * The stateString delivered by this method is localized. 00062 * 00063 * See the ::VPNState enum found in api.h for set of valid states. 00064 */ 00065 virtual void StateCB(const VPNState state, 00066 const VPNSubState subState, 00067 const tstring stateString) = 0; 00068 00069 00070 /** 00071 * If a banner needs to be acknowledged, this CB delivers the banner 00072 * to the client. 00073 * 00074 * NOTE: Connection establishment will block until the method 00075 * setBannerResponse() is called. 00076 * 00077 * In a GUI, a banner would typically be displayed in a modal dialog 00078 * with an accept or decline button selection. 00079 * 00080 * @see setBannerResponse() to set the user response to the banner. 00081 */ 00082 virtual void BannerCB(const tstring &banner) = 0; 00083 00084 00085 /** 00086 * Messages are delivered via the NoticeCB and can come from multiple 00087 * sources. There are four message types (error, warning, info and 00088 * status). See the ::MessageType enum in api.h for the list. 00089 * 00090 * Clients using the API as an embedded application (not 00091 * user visible) might want to further characterize 00092 * messages. One option here is to use the AnyConnect message 00093 * catalog and assign message codes as the translations for 00094 * various messages. An application could then track messages based 00095 * on its own error code scheme. 00096 */ 00097 virtual void NoticeCB(const tstring ¬ice, 00098 const MessageType type, 00099 const bool bSensitive = false) = 0; 00100 00101 00102 /** 00103 * This CB would likely occur only during a connection when it was 00104 * detected that the software needed to be upgraded, or when Start 00105 * Before Logon (SBL) is being used. 00106 * 00107 * Unlike the other callback methods, this method provides a default 00108 * implementation (calling the system's exit() function). 00109 * If clients of the API wish to override this behavior, they are 00110 * responsible for ensuring that the current running process exits with 00111 * the return code specified by returnCode. 00112 * 00113 * <b>Caution</b>: IF YOU OVERRIDE THIS METHOD AND DO NOT EXIT WITH 00114 * THE PROPER CODE SOFTWARE UPDATE FUNCTIONALITY IN YOUR CLIENT WILL 00115 * BREAK 00116 */ 00117 virtual void ExitNoticeCB(const tstring &tstrNotice, 00118 const int returnCode); 00119 00120 00121 /** 00122 * Under normal operating conditions, this CB is called as soon 00123 * as the attach method completes. In case the service (vpn agent) 00124 * is not ready, this CB is not called until it is. 00125 * 00126 * Any API calls made prior to this CB being called will result in a 00127 * NoticeCB error message. 00128 */ 00129 virtual void ServiceReadyCB() = 0; 00130 00131 00132 00133 /** 00134 * This method supports prompting for single or multiple values. All 00135 * prompts are considered mandatory. 00136 * 00137 * The ConnectPromptInfo object contains a list of PromptEntry 00138 * instances. The labels and their default values (if any) can be 00139 * found in these instances. After the data has been collected from the user 00140 * it can be set into these same instances. When ready, the client 00141 * application should call the method UserSubmit() to have the 00142 * responses read by the API. 00143 */ 00144 virtual void UserPromptCB(ConnectPromptInfo &ConnectPrompt) = 0; 00145 00146 00147 /** 00148 * Use this method to provide Window Manager hints to GUI 00149 * applications. To receive these hints, the application must 00150 * identify itself as a GUI in the attach method. In addition, this 00151 * method should be overriden to receive any generated events. 00152 * 00153 * Event that can be received include those indicating that a user is 00154 * starting a second instance of the GUI application. This information 00155 * can be used to tell the already running application to un-minimize 00156 * itself and let the new program know that it should Quit (since a GUI 00157 * is already running). 00158 */ 00159 virtual void WMHintCB(const WMHint hint, 00160 const WMHintReason reason); 00161 00162 00163 /** 00164 * This method is useful when the connection to the secure gateway 00165 * has been established as part of a web-launch of the VPN tunnel. 00166 * 00167 * If the client application wishes to be notified of the secure 00168 * gateway to which the VPN has been established, this method should 00169 * be overriden. 00170 * 00171 * If the client application is started and a tunnel is already active, 00172 * this method also delivers the name of the secure gateway host. 00173 */ 00174 virtual void deliverWebLaunchHostCB(const tstring &activeHost); 00175 00176 /** 00177 * This method is called when the preference to block untrusted 00178 * servers is enabled and the current VPN server being connected 00179 * to is untrusted. Clients should present an error to the user 00180 * notifying them that the current connection to rtstrUntrustedServer 00181 * is being blocked. The client should also provide a way for the 00182 * user to change the preference to block untrusted servers. 00183 * 00184 * The user response must be indicated using setCertBlockedResponse 00185 */ 00186 virtual void CertBlockedCB(const tstring &rtstrUntrustedServer) = 0; 00187 00188 /** 00189 * This method is called when connections to untrusted VPN servers 00190 * is allowed by policies and the current VPN server being connected 00191 * to is untrusted. Clients should present a warning to the user 00192 * notifying them that the current connection to rtstrUntrustedServer 00193 * is unsafe. The reason the VPN server is untrusted is provided in 00194 * rltstrCertErrors. The client should provide a way for the user to 00195 * connect once, connect and always trust or cancel the connection. 00196 * If bAllowImport is set to false then the always trust option should 00197 * not be presented to users. 00198 * 00199 * The user response must be indicated using setCertWarningResponse 00200 */ 00201 virtual void CertWarningCB(const tstring &rtstrUntrustedServer, 00202 const std::list<tstring> &rltstrCertErrors, 00203 bool bAllowImport) = 0; 00204 00205 /** 00206 * This method can be overriden if the client application wishes to 00207 * exercise some control over the delivery of events from the other 00208 * protected methods in this class. 00209 * 00210 * This might be necessary in cases where a GUI is being written and 00211 * the data from this API needs to be delivered in the GUI or main 00212 * thread. In this case, you should override this method and when it 00213 * is called by the API post an event to your event queue (message 00214 * pump, etc.). After this event executes in your GUI or main thread, 00215 * call the method ClientIfc::ProcessEvents to have events delivered 00216 * to your client application. 00217 */ 00218 virtual void EventAvailable(); 00219 00220 00221 ClientIfc(); 00222 00223 00224 public: 00225 00226 /** 00227 * After the ClientIfc class has been created, the client implementation 00228 * must invoke this method prior to attempting connections, 00229 * retrieving statistics, etc. If successful, this method returns 00230 * true. If not successful, it returns false and returns a notice error 00231 * message to the user. 00232 * 00233 * A single call to this method is all that is necessary. If the 00234 * attach fails, a message indicating the VPN service is not available 00235 * is returned. If the call succeeds, the ServiceReadyCB is 00236 * called and true is returned. 00237 * 00238 * \param ClientType clientType (default ClientType_GUI) 00239 * Other options: ClientType_GUI_SBL, ClientType_CLI, ClientType_MGMT. 00240 * ClientType_GUI: indicates that the started program is a GUI 00241 * application. With this attribute set to true, the application will 00242 * now receive WMHints. 00243 * ClientType_GUI_SBL: SBL (Start Before Logon) is a mode of operation 00244 * where a GUI can be launched prior to the normal windows logon sequence. 00245 * This allows a VPN tunnel to be activated and used as part of the windows 00246 * logon sequence. This value is applicable only when a corresponding 00247 * argument has been passed to the program by the VPN agent. 00248 * ClientType_CLI: indicates that the started program is a CLI application. 00249 * ClientType_MGMT: indicates that the started program is used to initiate 00250 * an AnyConnect management VPN tunnel. This value is 00251 * applicable only to a client launched by AnyConnect VPN agent. 00252 * 00253 * \param requestFullCapabilities indicates that the client program is 00254 * requesting full API capabilities. Full capabilities allows the 00255 * client program to connect, disconnect, receive statistics, etc. 00256 * When full capabilities are not requested or not available, the 00257 * client program will not be able to establish new VPN connections. 00258 * Only a client program with full capabilites can do this. In 00259 * addition, only the first program requesting full capabilities will 00260 * be granted this level of access. The attach method can succeed 00261 * even if full capabilities is requested but not granted. To test 00262 * for this state, use the method ::hasFullCapabilities. 00263 * 00264 * \param suppressAutoConnect indicates that the client wishes to 00265 * override automatically initiating a connection to the last connected 00266 * secure gateway at startup. Normally, this is determined by the 00267 * value of the AutoConnectOnStart preference. If this flag is true 00268 * then an automatic connection will never be initiated, even if 00269 * AutoConnectOnStart is enabled. 00270 */ 00271 bool attach(ClientType clientType = ClientType_GUI, 00272 bool requestFullCapabilities = true, 00273 bool suppressAutoConnect = true); 00274 00275 00276 /** 00277 * After the client program is done, call the detach method to do a 00278 * graceful cleanup. This method stops the flow 00279 * of events and does general cleanup. 00280 */ 00281 void detach(); 00282 00283 00284 /** 00285 * When the method ClientIfc::EventAvailable has been overriden in the 00286 * client application, this method must be called to receive events. 00287 * 00288 * It is expected that GUI programs will use EventAvailable as a 00289 * signal, allowing them to set an event using their native event 00290 * handler. When that event fires, the application can call 00291 * ProcessEvents, which causes the API to deliver events in the 00292 * client's main thread. 00293 */ 00294 virtual void ProcessEvents(); 00295 00296 00297 /** 00298 * Use this method to determine whether this application has full 00299 * capabilities. Only one application (the first one started) can have 00300 * full capabilities. If this is the first application started, this 00301 * method returns true. When an application has full capabilities, 00302 * it can initiate connections, as well as offer UI capabilities. 00303 */ 00304 bool hasFullCapabilities(); 00305 00306 00307 /** 00308 * This method returns true if the client has an active VPN 00309 * connection with a secure gateway. 00310 */ 00311 bool isConnected(); 00312 00313 00314 /** 00315 * This method returns true if the client VPN is available for use. 00316 * If false is returned this means that VPN has been intentionally 00317 * disabled. This would indicate a situation where other AnyConnect 00318 * services were in use but not VPN. 00319 */ 00320 bool isAvailable(); 00321 00322 00323 /** 00324 * This method returns true if the VPN service is available for 00325 * establishing VPN connections. 00326 */ 00327 bool isVPNServiceAvailable(); 00328 00329 00330 /** 00331 * This method returns true if the mode in which the client is 00332 * currently operating is enabled. For a list of all possible modes 00333 * of operation see the ::OperatingMode enum in api.h. 00334 */ 00335 bool isOperatingMode(OperatingMode opMode); 00336 00337 /** 00338 * This method returns a list of secure gateway host names found in an 00339 * AnyConnect profile. If no profile is available, an empty 00340 * list is returned. 00341 */ 00342 std::list<tstring> getHostNames(); 00343 00344 00345 /** 00346 * This method returns any default Host name from User Preferences. 00347 * 00348 * A host can be returned here even if there are no profiles on the 00349 * system. The host last connected to (via the connect method) is 00350 * returned by this method. 00351 * 00352 * If there is no previously connected-to host, the first host found 00353 * in an AnyConnect profile (if any) is returned. 00354 */ 00355 tstring getDefaultHostName(); 00356 00357 00358 using ClientIfcBase::connect; 00359 /** 00360 * This method initiates a connection to the specified host. 00361 * The connection results in the presentation of authentication 00362 * credentials, as appropriate. Any credentials returned by the secure 00363 * gateway are delivered via the #UserPromptCB method. 00364 * 00365 * See ConnectPromptInfo for more details on possible authentication 00366 * credentials. 00367 * 00368 * If the connection request is accepted, true is returned. This does 00369 * not mean the connection succeeded. If the connection succeeds, a 00370 * state of connect will be received via the #StateCB method. 00371 */ 00372 bool connect(tstring host); 00373 00374 /** 00375 * Use this method to change selected group after initial connection 00376 * request has been made and credentials were delivered. 00377 * 00378 * Depending on secure gateway configuratiion, call to this method may 00379 * result in a new connection request and will update credentials 00380 * required for the selected group. New credentials returned by the 00381 * secure gateway are delivered via the #UserPromptCB method. 00382 */ 00383 virtual bool setNewTunnelGroup(const tstring & group); 00384 00385 /** 00386 * Use this method to initiate a disconnect of the active VPN 00387 * connection. 00388 * 00389 * An indication of VPN disconnect is received via the #StateCB 00390 * method. 00391 */ 00392 void disconnect(); 00393 00394 /** 00395 * Use this method to cancel the user authentication. VPN tunnel is not connected 00396 * at the moment. This function is used to cancel SSO authentication. 00397 * 00398 * An indication of VPN disconnect is received via the #StateCB 00399 * method. 00400 */ 00401 void cancel(); 00402 00403 /** 00404 * This method triggers the retrieval of the current VPN state. 00405 * After the client is conected to the VPN service via the #attach 00406 * method, both the current state and any changes in state are 00407 * automatically delivered to the client. In general, this method 00408 * should not be needed. 00409 * 00410 * ::VPNState is delivered via #StateCB method. 00411 */ 00412 void getState(); 00413 00414 00415 /** 00416 * This method triggers the retrieval of the current VPN statistics. 00417 * This allows an UI to notify the API that it is ready to receive 00418 * statistics. 00419 * 00420 * ::VPNState is delivered via #StatsCB method. 00421 */ 00422 void getStats(); 00423 00424 /** 00425 * This method resets current VPN statistics counters. 00426 */ 00427 void resetStats(); 00428 00429 00430 /** 00431 * This method activates the retrieval of VPN statistics and other 00432 * related data. By default, VPNStats are automatically delivered 00433 * via the method #StatsCB. 00434 * 00435 * If the #stopStats method is called to stop the delivery of 00436 * statistics, this method can be called to resume delivery. 00437 */ 00438 void startStats(); 00439 00440 00441 /** 00442 * This method stops the delivery of VPN statistics and 00443 * other related data. By default, VPNStats are automatically 00444 * delivered. This method disables delivery. 00445 * 00446 * The method #startStats can be called to resume the delivery of 00447 * statistics. 00448 */ 00449 void stopStats(); 00450 00451 00452 /** 00453 * This method directs where and how to export the statistics 00454 */ 00455 void exportStats(const tstring &tstrFilePath); 00456 00457 00458 /** 00459 * Call this method after a #BannerCB has been received to indicate 00460 * that the user response to the banner can now be read. 00461 * 00462 * \param bAccepted 00463 * indicates if the user accepted or declined the banner. 00464 */ 00465 void setBannerResponse(bool bAccepted); 00466 00467 /* 00468 * Call this method after a #CertBlockedCB has been received to 00469 * indicate the user's response to the blocked untrusted VPN server 00470 * error message. 00471 * 00472 * \param bUnblock indicates if the user wants to disable the 00473 * preference to block untrusted servers 00474 */ 00475 void setCertBlockedResponse(bool bUnblock); 00476 00477 /* 00478 * Call this method after a #CertWarningCB has been received to 00479 * indicate the user's response to the server certificate error 00480 * warning 00481 * 00482 * \param bConnect indicates user wants to connect anyways 00483 * \param bImport inidicates user wants to permanently trust 00484 * the VPN server. This would result in no future certificate 00485 * error warning prompts. bImport is only valid if 00486 * bConnect is true and bAllowImport is true when a CertWarningCB 00487 * was given. 00488 */ 00489 void setCertWarningResponse(bool bConnect, bool bImportCert); 00490 00491 00492 /** 00493 * Call this method to indicate that authentication credential 00494 * requests values solicited by the #UserPromptCB method can now 00495 * be read from the ConnectPromptInfo instance. 00496 */ 00497 void UserSubmit(); 00498 00499 00500 /** 00501 * Method for retrieving the currently available user preferences. 00502 * This method returns an instance of the class PreferenceInfo. The 00503 * instance contains a variable number of Preference object pointers. 00504 * Each preference contains data identifying the specific preference, 00505 * its current value, etc. For a list of all possible preferences see 00506 * the ::PreferenceId enum in api.h. Note that some of these 00507 * preferences are not available to the user. 00508 * 00509 * @see PreferenceInfo 00510 */ 00511 PreferenceInfo &getPreferences(); 00512 00513 00514 /** 00515 * This method stores the current set values of the preferences to the 00516 * preferences file(s). This method is a counterpart to the 00517 * getPreferences() method. 00518 */ 00519 bool savePreferences(); 00520 00521 /** 00522 * This is called from the credential dialog in the GUI to get the correct 00523 * friendly name for the dialog title. 00524 */ 00525 tstring getConnectHost(); 00526 00527 /** 00528 * This method sets the last VPN error seen during this connection 00529 * attempt for reporting purposes. This VPN error should be cleared for 00530 * each connection attempt. 00531 */ 00532 void setLastVpnError(VPNError vpnError); 00533 00534 00535 /** 00536 * This method gets the last VPN error seen during this connection 00537 * attempt for reporting purposes. This VPN error should be cleared for 00538 * each connection attempt. 00539 */ 00540 VPNError getLastVpnError(); 00541 00542 virtual ~ClientIfc(); 00543 00544 private: 00545 00546 ClientIfc(const ClientIfc& other); 00547 ClientIfc& operator=(const ClientIfc& other); 00548 00549 }; 00550 00551 #endif //_CLIENTIFC_