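validateConfig()) return false; // NOTE(review): tail of a statement that begins above this excerpt
        // Submit a 'MakeTarball' task with the generated file map; $tgz is passed as its destination.
        return Taskmanager::submit('MakeTarball', array(
            'files' => $this->getFileArray(),
            'destination' => $tgz,
            'parentTask' => $parent,
        ), false);
    }

    /**
     * @return int the module's VERSION constant
     */
    protected function moduleVersion(): int
    {
        return self::VERSION;
    }

    /**
     * A configuration is accepted when 'browser' or 'qrcode' is set at all
     * (isset(), so a stored false still counts) or when 'idp' is non-empty.
     * 'regs' on its own does not make the configuration valid.
     */
    protected function validateConfig(): bool
    {
        return isset($this->moduleData['browser'])
            || isset($this->moduleData['qrcode'])
            || !empty($this->moduleData['idp']);
    }

    /**
     * Store one configuration value. Only the keys listed in the switch are
     * accepted; anything else is rejected with false and not stored.
     *
     * @param string $key configuration key
     * @param mixed $value value to store; not validated here except for 'entitlements'
     * @return bool true if the key is known and the value was stored
     */
    public function setData(string $key, $value): bool
    {
        switch ($key) {
            case 'browser':
            case 'qrcode':
            case 'userlogin':
            case 'idp':
            case 'regs':
                // Stored as given. NOTE(review): 'idp' and 'regs' later end up in the
                // whitelist files; confirm the caller validates their contents.
                break;
            case 'entitlements':
                // Every CR, LF, space and tab becomes ';', so the value stays on the single
                // '# entitlements=' line written by generateIdpList().
                // Assumes $value is a string here - TODO confirm callers.
                $value = str_replace(["\r", "\n", " ", "\t"], ';', $value);
                break;
            default:
                return false;
        }
        $this->moduleData[$key] = $value;
        return true;
    }

    /**
     * @return bool always false for this module
     */
    public function allowDownload(): bool
    {
        return false;
    }

    /**
     * Creates a map with filepath => file content
     * @return array{"/opt/openslx/pam/shibboleth/whitelist/shib-$id.idp": string,
     *     "/etc/lightdm/qt-lightdm-greeter.conf.d/shib-$id.conf": string,
     *     "/opt/openslx/pam/shibboleth/whitelist/shib-$id.suffix": string}
     */
    private function getFileArray(): array
    {
        $id = $this->id();
        $url = CONFIG_SHIB_CLIENT_URL;
        $browser = '';
        $qrcode = '';
        $userlogin = '';
        if ($this->moduleData['browser'] ?? false) {
            $browser = "shib-session-enabled = true";
        }
        if ($this->moduleData['qrcode'] ?? false) {
            $qrcode = "qr-session-enabled = true";
        }
        // User login stays enabled unless 'userlogin' is stored with a falsy value.
        if (!($this->moduleData['userlogin'] ?? true)) {
            $userlogin = "user-session-enabled = false";
        }
        // NOTE(review): this listing is damaged at the first array entry. The heredoc body of
        // the greeter config (presumably where $url, $browser, $qrcode and $userlogin are
        // interpolated) and the "shib-$id.idp" key named in the docblock are missing; restore
        // both from the upstream file before using this code.
        return [
            "/etc/lightdm/qt-lightdm-greeter.conf.d/shib-$id.conf" => << $this->generateIdpList(),
            "/opt/openslx/pam/shibboleth/whitelist/shib-$id.suffix" => $this->generateSuffixList(),
        ];
    }

    /**
     * Generate plain-text file of suffixes belonging to all enabled entities.
     * Used by pam-part on client to verify login.
     *
     * NOTE(review): an empty string is returned when no IdP-to-suffix map is available.
     * How the client treats an empty suffix whitelist is not visible here; confirm that
     * it denies the login rather than accepting any suffix.
     *
     * @return string one suffix per line, each line terminated by "\n"
     */
    private function generateSuffixList(): string
    {
        $idp2suffix = Shib::getIdp2SuffixList();
        if ($idp2suffix === null)
            return '';
        // Explode registrar shortcuts
        if (is_array($this->moduleData['regs'] ?? 0)) {
            $idps = Shib::explodeRegistrars($this->moduleData['regs']);
        } else {
            $idps = [];
        }
        // 'idp' may be absent (validateConfig() also accepts browser/qrcode alone), so it is
        // read with a fallback, the same way 'regs' is, to avoid an undefined-key warning.
        if (is_array($this->moduleData['idp'] ?? 0)) {
            $idps = array_merge($idps, $this->moduleData['idp']);
        }
        // Build
        $return = '';
        foreach ($idps as $idp) {
            // IdPs without an entry in the suffix map contribute nothing.
            if (empty($idp2suffix[$idp]))
                continue;
            // presumably ['suffix'] is a list of strings; verify against Shib::getIdp2SuffixList()
            $return .= implode("\n", $idp2suffix[$idp]['suffix']) . "\n";
        }
        return $return;
    }

    /**
     * Generates a list of Identity Providers (IdPs) based on the module's configuration data.
     * Expands registrar data and merges with IdP data into a single list.
     * If one or more entitlements are required, they're put on the first line.
     *
     * NOTE(review): entries are joined with "\n" without being checked for embedded line
     * breaks. Confirm that whatever fills 'idp' and 'regs' rejects values containing CR/LF,
     * otherwise a single stored entry could turn into several lines of the whitelist file.
     *
     * @return string A newline-separated string containing the list of IdPs.
     */
    private function generateIdpList(): string
    {
        $idps = [];
        if (!empty($this->moduleData['entitlements'])) {
            $idps[] = '# entitlements=' . $this->moduleData['entitlements'];
        }
        if (is_array($this->moduleData['regs'] ?? 0)) {
            $idps = array_merge($idps, Shib::explodeRegistrars($this->moduleData['regs']));
        }
        // Same fallback as for 'regs': 'idp' is optional, so avoid an undefined-key warning.
        if (is_array($this->moduleData['idp'] ?? 0)) {
            $idps = array_merge($idps, $this->moduleData['idp']);
        }
        return implode("\n", $idps) . "\n";
    }
}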