@geunwoonoh
Collaborator

Summary

Backport the login_enabled raw data collection feature from main branch to release/v1.3.1.

This change enables alpamon to collect raw login-related data from /etc/shadow and /etc/shells, allowing the server to make more accurate login_enabled determinations.

Changes

  • Add ShadowExpireDate (*int64) and ValidShells ([]string) fields to UserData struct
  • Add shadowEntry struct for internal shadow file parsing
  • Add loadValidShells() helper function to read /etc/shells
  • Add loadShadowData() helper function to read /etc/shadow
  • Update getUserData() to collect raw data for server-side login_enabled calculation
  • Add unit tests for new functionality

Why Backport?

  • This feature needs to be included in the v1.3.1 release
  • Maintains backward compatibility with existing servers (server ignores extra fields)
  • Security-related improvement requiring deployment

Files Changed

| File | Changes |
|------|---------|
| pkg/runner/commit_types.go | Add raw data fields to UserData, add shadowEntry struct, update GetData() |
| pkg/runner/commit.go | Add constants, loadValidShells(), loadShadowData(), update getUserData() |
| pkg/runner/commit_test.go | Add TestLoadValidShells, TestLoadShadowData, TestGetUserDataWithRawFields |

Raw Data Fields

| Field | Type | Source | Description |
|-------|------|--------|-------------|
| shadow_expire_date | *int64 | /etc/shadow | Raw expiration date (days since epoch) |
| valid_shells | []string | /etc/shells | Full list of valid login shells |

Note: password_locked field is excluded - alpamon runs as root, so websh/webftp can access password-locked accounts regardless.

Example JSON Output

{
  "uid": 1000,
  "gid": 1000,
  "username": "user",
  "description": "User",
  "directory": "/home/user",
  "shell": "/bin/bash",
  "shadow_expire_date": null,
  "valid_shells": ["/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/zsh"]
}

Testing

  • go build ./... passes
  • go test -v ./pkg/runner/... -p 1 passes
  • go vet ./pkg/runner/... passes
  • gofmt - no formatting issues

Backward Compatibility

| alpamon | alpacon-server | Behavior |
|---------|----------------|----------|
| Old (no raw data) | Old | Server calculates based on shell only |
| Old (no raw data) | New | Server calculates based on shell only (fallback) |
| New (raw data) | Old | Server ignores extra fields |
| New (raw data) | New | Server uses raw data for accurate determination |

Related

Add ShadowExpireDate and ValidShells fields to UserData struct
to enable alpacon-server login_enabled calculation.
The server can now make more accurate determinations based on
/etc/shadow expiration dates and /etc/shells validation.

Changes:
- Add ShadowExpireDate (*int64) and ValidShells ([]string) to UserData
- Add loadValidShells() and loadShadowData() helper functions
- Update getUserData() to collect raw data from system files
- Add tests for new functionality
@geunwoonoh geunwoonoh self-assigned this Jan 8, 2026
@geunwoonoh geunwoonoh merged commit a1215f1 into release/v1.3.1 Jan 8, 2026
2 checks passed
@geunwoonoh geunwoonoh deleted the 171-sync-backport-login_enabled-raw-data-collection-to-v131 branch January 8, 2026 05:50
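
An added example, not code from this pull request or from alpamon/alpacon-server: a sketch of how the two raw fields described above (the expire field of /etc/shadow and the list from /etc/shells) could feed a login_enabled decision. The function names, the decision rule (expired once today reaches the expire day, nologin/false never count as login shells) and the sample data are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"slices"
	"strconv"
	"strings"
)

// parseShells returns the paths in /etc/shells-style text, skipping blanks and comments.
func parseShells(text string) (shells []string) {
	for _, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(line); line != "" && !strings.HasPrefix(line, "#") {
			shells = append(shells, line)
		}
	}
	return shells
}

// parseShadowExpire maps username to the 8th shadow field (expiry, days since epoch).
func parseShadowExpire(text string) map[string]*int64 {
	out := map[string]*int64{}
	for _, line := range strings.Split(text, "\n") {
		f := strings.Split(line, ":")
		if len(f) < 8 || f[0] == "" {
			continue // malformed line: skip rather than guess
		}
		out[f[0]] = nil // empty or non-numeric field: no expiry recorded
		if n, err := strconv.ParseInt(f[7], 10, 64); err == nil {
			out[f[0]] = &n
		}
	}
	return out
}

// loginEnabled is a hypothetical server-side rule (assumption, not alpacon-server's logic).
func loginEnabled(shell string, expire *int64, valid []string, today int64) bool {
	expired := expire != nil && *expire >= 0 && today >= *expire
	base := path.Base(shell) // nologin/false stay non-interactive even if listed in /etc/shells
	return !expired && base != "nologin" && base != "false" && slices.Contains(valid, shell)
}

func main() {
	// Constructed sample data, not taken from a real host.
	shells := parseShells("# /etc/shells\n/bin/sh\n/bin/bash\n/usr/sbin/nologin\n")
	exp := parseShadowExpire("user:*:19000:0:99999:7:::\ntemp:*:19000:0:99999:7::19500:\n")
	fmt.Println(loginEnabled("/bin/bash", exp["user"], shells, 20000), loginEnabled("/bin/bash", exp["temp"], shells, 20000))
}
```

A nil expire value mirrors the `"shadow_expire_date": null` case in the example JSON: the account has no expiration date, so only the shell check applies.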