立即与支持人员聊天
与支持团队交流

Privilege Manager for Unix 7.2.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Miscellaneous functions

These are the built-in miscellaneous functions available to use within the pmpolicy file.

Table 40: Miscellaneous functions
Name Description
atoi Translate a string representation of an integer to an integer.
authenticate_pam Authenticate a user on the primary policy server.
authenticate_pam_toclient Authenticate a user on the client.
basename Return the filename portion of a path.
comparehosts Check whether a host string matches a host definition.
datecmp Compare two date strings.
dirname Return the directory name portion of a path
feature_enabled Determine whether a feature is supported on the policy server
fileexists, access Check whether a file or path exists on the policy server.

getopt

Examine a list of arguments for short options to break up command lines for easier parsing.

getopt_long

Examine a list of arguments for short or long options to break up command lines for easier parsing.

getopt_long

Examine a list of arguments for only long options to break up command lines for easier parsing.

glob Match a string to a pattern.
ingroup Check whether a host is in the specified UNIX group on the policy server.
innetgroup Check whether a user is in the specified NIS netgroup on the policy server.
innetuser, inusernetgroup Check whether a user is in the NIS netgroup or specified netgroup on the policy server.
lineno Return the current line number in the policy file.
mktemp

Create a temporary file. Same as mktemp system.

osname Return a string representation of the operating system.
quote Quote a string.
rand Generate a random number.
stat Obtain information about a file on the policy server.
strftime Format the current date/time as a string.
system Run a program on the policy server.
timebetween Check whether a given time is between two times.
tolower Convert string to lower case.
toupper Convert string to upper case.

uname

Return system information on the policy server; output of uname system command line.

atoi

Syntax
int atoi ( string nptr )
Description

atoi converts the string representation of a decimal integer to an integer. If the string does not contain a number, it produces a syntax error and rejects the session.

This function returns the converted integer.

Example
x=atoi("123"); 
printf("%d\n", x); 

Returns: 123

Related Topics

insert

join

authenticate_pam

Syntax
int authenticate_pam ( string user [, string service] ) 
Description

The authenticate_pam function authenticates a user by means of the PAM (Pluggable Authentication Method) APIs on the policy servers.

For more information on how to configure PAM, consult the documentation for your platform.

The service parameter identifies the name of the PAM service to use to authenticate the user. This can be any valid service name configured in the PAM system configuration. It defaults to the PAM service "login".

This function returns 0 to indicate failure and 1 to indicate success.

Example
if (user=="paul" && basename(command)=="useradd") 
{ 
   if (!authenticate_pam(user, "sshd")) 
   { 
      reject; 
   } 
   runuser="root"; 
   accept; 
}

authenticate_pam_toclient

Syntax
int authenticate_pam_toclient ( string user [, string service] )
Description

The authenticate_pam_toclient function authenticates a user by means of the PAM (Pluggable Authentication Method) APIs on the policy server.

For more information on how to configure PAM, consult the documentation for your platform.

The service parameter identifies the name of the PAM service to use to authenticate the user. This can be any valid service name configured in the PAM system configuration. It defaults to the PAM service "login".

This function returns 0 to indicate failure and 1 to indicate success.

Example
if (user=="paul" && basename(command)=="useradd") 
{ 
   if (!authenticate_pam_toclient(user, "sshd")) 
   { 
      reject; 
   } 
   runuser="root"; 
   accept; 
   }
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级