These are the built-in miscellaneous functions available to use within the policy file:
Name | Description |
---|---|
atoi | Translate a string representation of an integer to an integer. |
authenticate_pam | Authenticate a user on the primary policy server. |
authenticate_pam_toclient | Authenticate a user on the client. |
basename | Return the filename portion of a path. |
comparehosts | Check whether a host string matches a host definition. |
datecmp | Compare two date strings. |
dirname | Return the directory name portion of a path. |
feature_enabled | Determine whether a feature is supported on the policy server. |
fileexists | Check whether a file exists on the policy server. |
glob | Match a string to a pattern. |
ingroup | Check whether a host is in the specified UNIX® group on the policy server. |
innetgroup | Check whether a user is in the specified NIS netgroup on the policy server. |
innetuser | Check whether a user is in the NIS netgroup. |
lineno | Return the current line number in the policy file. |
mktemp | Create a temporary file. Same as mktemp system. |
osname | Return a string representation of the operating system. |
quote | Quote a string. |
rand | Generate a random number. |
stat | Obtain information about a file on the policy server. |
strftime | Format the current date/time as a string. |
system | Run a program on the policy server. |
timebetween | Check whether a given time is between two times. |
tolower | Convert string to lower case. |
toupper | Convert string to upper case. |
uname | Return system information on the policy server, as output by the uname system command. |
int atoi ( string nptr )
atoi converts the string representation of a decimal integer to an integer. If the string does not contain a number, it produces a syntax error and rejects the session.
This function returns the converted integer.
```
x=atoi("123");
printf("%d\n", x);
```
Returns: 123
int authenticate_pam ( string user [, string service] )
The authenticate_pam function authenticates a user by means of the PAM (Pluggable Authentication Method) or SIA (Security Integration Architecture) APIs on the policy servers.
NOTE: This function is only available on platforms that have native support for PAM or SIA. For more information on how to configure PAM or SIA, consult the documentation for your platform.
The service parameter identifies the name of the PAM service to use to authenticate the user. This can be any valid service name configured in the PAM/SIA system configuration. It defaults to the PAM service "login".
This function returns 0 to indicate failure and 1 to indicate success.
```
if (user=="paul" && basename(command)=="useradd") {
    if (!authenticate_pam(user, "sshd")) {
        reject;
    }
    runuser="root";
    accept;
}
```
int authenticate_pam_toclient ( string user [, string service] )
The authenticate_pam_toclient function authenticates a user by means of the PAM (Pluggable Authentication Method) or SIA (Security Integration Architecture) APIs on the client.
NOTE: This function is only available on platforms that have native support for PAM or SIA. For more information on how to configure PAM or SIA, consult the documentation for your platform.
The service parameter identifies the name of the PAM service to use to authenticate the user. This can be any valid service name configured in the PAM/SIA system configuration. It defaults to the PAM service "login".
This function returns 0 to indicate failure and 1 to indicate success.
```
if (user=="paul" && basename(command)=="useradd") {
    if (!authenticate_pam_toclient(user, "sshd")) {
        reject;
    }
    runuser="root";
    accept;
}
```
© 2021 One Identity LLC. ALL RIGHTS RESERVED.