Chat now with support
Chat with Support

Privilege Manager for Unix 6.1.1 - Administration Guide for Unix

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

Operators and expressions

Operators specify what is done to variables, constants, and expressions.

Expressions combine variables and constants to produce new values. Expressions which use the operators !, ||, &&, ==, !=, <, >, <=, >=, in, !in and () return a boolean value of true or false.

Unless otherwise specified, these operators are valid for all types of variables.

Table 27: Variable operators
Operator Description Example
=

variable = expression

The assignment operator assigns a copy of the expression on the right side to the variable on the left side.

count=0; x=y=1; str="this is a string"; users={"fred", "john"}; list1=users; list[1]="johnr";

+=

variable += expression

The addition self-assignment operator adds the value of the expression to the value of the variable and stores the result in the variable. Valid for integer, double and string data types.

count=1; count +=10; print(count); #prints 11

-=

variable -= expression

The subtraction self-assignment operator subtracts the value of the expression from the value of the variable and stores the result in the variable. Valid for integer and double data types.

Count=10; Count-=2; print(Count); #prints 8

*=

variable *= expression

The multiplication self-assignment operator multiplies the value of the expression by the value of the variable and stores the result in the variable. Valid for integer and double data types.

tot =10; tot *= 10; print(tot); #prints 100

/=

variable /= expression

The division self-assignment operator divides the value of the variable by the value of the expression and stores the result in the variable. Valid for integer and double data types.

tot=10; tot /=2; print(tot); #prints 5

var++

variable ++

The postfix auto increment operator returns the value of the variable and adds 1 to the variable. Valid for integer and double data types.

count=0; userlist[count++]="john";

++var

++variable

The prefix auto increment operator adds 1 to the variable and returns the result. Valid for integer and double data types.

++count=-1; userlist[++count]="john";

var--

variable --

The postfix auto increment operator returns the value of the variable and subtracts 1 from the variable. Valid for integer and double data types.

for(i=10; i>0; i--) {…}

--var

--variable

The prefix auto increment operator subtracts 1 from the variable and returns the result. Valid for integer and double data types.

i=9; do { userlist[--i] = value; } while (i>0);

!

!expression

Negation operator negates the value of the expression and returns the result.

while (!found) {…} no = !true; if (!(a&&b)) reject; #request is rejected if a AND b #are not true

||

expression || expression

Logical or operator resolves to true if either expression resolves to true.

if ((user in list1) || (user in list2)) {accept;}

&&

expression && expression

Logical or operator resolves to true if both expressions resolve to true.

if ((defined myuser) && (myuser == "root")) {accept;}

|

expression | expression

Bitwise or operator resolves to true.

if (word | 0x4) {…}

&

expression & expression

Bitwise and operator resolves to true.

if (word & 0x4) {…}

==

expression == expression

Resolves to true if the expressions are identical.

if (user == "root") {…} if (x==1){…} if (list1 == {"one"}) {…}

!=

Expression != expression

Logical or operator resolves to true if the expressions are not identical.

if (found != true) {…} if (user != "root") {…} if (list1 != {"root"}) {…}

()

(expression)

Forces a particular order of evaluation.

if ((a||b) && c) { accept; } if (a || (b && c)) { reject; }

?:

Conditional expression ? t_expression : f_expression

The conditional expression is evaluated. If it resolves to true, then it evaluates to t_expression, else it evaluates to f_expression.

runuser = (user == "cory") ? "root" : "sys"; # is equivalent to: # if (user=="cory") { # runuser = "root";} # else { # runuser = "sys";}

in

string in expression

Resolves to true if the string is a member of the list. It performs a glob-style check on each member of the list, so each list element can be a glob expression. The string cannot be a glob expression.

list={"root", "admin"}; print("root" in userlist); #prints 1

!in

string !in expression

Resolves to true if the string is not a member of the list. It performs a glob-style check on each member of the list, so each list element can be a glob expression. The string cannot be a glob expression.

list={"root", "admin"}; print("john" ! in userlist); #prints 1

+ - * / %

expression operator expression

Mathematical operators return the result of evaluating the arithmetic expression. The normal mathematical rules for order of evaluation apply. All operands must be integers or doubles. The exception is the + operator which will concatenate strings and lists.

a = 5 + 4 * 2; #a == 13 b = 5 * 4 / 2; #b == 10 c = 5 % 4; #c == 1 d = "string1" + "string2"; #d = "string1 string2" e={"one"}+{"two"}; #e = {"one", "two"};

< > <= >=

expression operator expression

Relational operators resolve to true if the relationship is true.

4 > 7 // evaluates false 4 >= 4 // evaluates true 4 < 1 // evaluates false "foo" == "bar" // false "foo" > "bar" // true, because foo follows bar alphabetically

export

export <varname>

Adds a local variable to the event log and I/O log. Can be specified multiple times.

 
[]

list[number]

Returns the value of an element in a list or array.

list1={"user0", "user1", "user2"}; print(List[2]); #prints user2 list0={"user0", 0}; list1={"user1",1}; maplist={list0, list1}; print(maplist[0][0], maplist[0][1]); #prints user0 0

typeof

typeof expression

Returns a string representation of the type of an expression.

print(typeof x); #undefined x=1; print(typeof x); #integer x="1"; print(typeof x); #string x={"1"};print(typeof x); #array

print(defined x); #prints 0 x=1; print(defined x); #prints 1

Privilege Manager Variables

This appendix provides detailed information about the variables that may be present in event log entries:

See also Profile variables for additional information about policy profile variables.

Variable names

Privilege Manager uses a number of predefined global variables and user-defined variables within the policy scripting language.

Here is some general information about user-defined variables:

  • A user-defined variable is declared the first time it is assigned a value. If a variable is referenced before it has been assigned a value, it has the special type of "undefined".
  • A variable name can be any length.
  • You can use any number of user-defined variables.
  • The first character of a variable name must be a letter or an underscore (_).
  • Variable names are case-sensitive; thus, the names "checkhost" and "CHECKHOST" refer to different variables.
  • Keywords are case-sensitive; you must enter them in lower case.
  • Loose typing is applied when variables of different types are used. Thus, if you use mixed types with an operator, such as, an integer and a string with a "+" operator, the parser will attempt to convert the result to a string.

Variable scope

All variables are global in scope unless declared from within a function or procedure.

If a variable is first declared in a function or procedure, it has local scope within that particular function or procedure and is deleted once the function or procedure returns.

Example
gvar1="global"; 

procedure p1() { 
   gvar1="changed in f1";        #gvar1 has global scope 
   pvar1="local_to_p1";          #pvar1 is local to procedure p1() p2(); 
} 

procedure p2() { 
   gvar1="changed in f2"; # gvar1 is still global 
   print((defined pvar1? pvar1 : "undefined")); 
                          # this line prints "undefined" since 
                          # pvar1 is now out of scope 
}
Related Documents