`c55d684`

feat: persistent SSH agents with session state tracking

- Add session state tracking to prevent orphaned SSH agents
- SSH agents now persist after gitswitch exits for use by git commands
- Kill orphaned agents from previous runs when switching accounts
- Create current.sock symlink for easy shell integration
- Show shell integration tip after successful switch

To use persistent SSH in your shell, add to your rc file:
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gitswitch-ssh/current.sock

Authored by

espadonne 4 months ago

SHA: c55d6840fda46f3bc11230b7268f27f3c03381c3
Parents: aa90aa8
Tree: 382c80b

4 changed files

Status	File	+	-
M	`src/accounts.c`	94	13
M	`src/accounts.h`	9	0
M	`src/main.c`	6	1
M	`src/ssh_manager.c`	53	2

src/accounts.cmodified

   * Implements secure account switching and management for gitswitch-c
   */
 +/* Enable POSIX extensions for setenv/unsetenv */
 +#define _POSIX_C_SOURCE 200809L
++
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include "ssh_manager.h"
  #include "gpg_manager.h"
 +/* Active session state - tracks SSH/GPG resources for proper cleanup */
 +typedef struct {
 +    ssh_config_t ssh_config;
 +    gpg_config_t gpg_config;
 +    bool ssh_active;
 +    bool gpg_active;
 +    char original_gnupghome[MAX_PATH_LEN];
 +    bool had_original_gnupghome;
 +    bool gnupghome_saved;
 +} active_session_t;
++
 +/* Static session state - only one active session at a time */
 +static active_session_t g_session = {0};
++
  /* Internal helper functions */
  static uint32_t get_next_available_id(const gitswitch_ctx_t *ctx);
  static int validate_ssh_key_security(const char *ssh_key_path);
          set_error(ERR_INVALID_ARGS, "NULL context to accounts_init");
          return -1;
+     }
+-
++
      /* Initialize account array */
      memset(ctx->accounts, 0, sizeof(ctx->accounts));
      ctx->account_count = 0;
      ctx->current_account = NULL;
+-
++
 +    /* Initialize session state */
 +    memset(&g_session, 0, sizeof(g_session));
++
      log_debug("Accounts system initialized");
      return 0;
+ }
 +/* Clean up active session resources */
 +void accounts_session_cleanup(void) {
 +    log_debug("Cleaning up active session resources");
++
 +    /* Clean up SSH agent if we started one */
 +    if (g_session.ssh_active) {
 +        log_info("Stopping SSH agent (pid=%d)", g_session.ssh_config.agent_pid);
 +        ssh_manager_cleanup(&g_session.ssh_config);
 +        g_session.ssh_active = false;
 +    }
++
 +    /* Clean up GPG environment if we modified it */
 +    if (g_session.gpg_active) {
 +        log_info("Cleaning up GPG environment");
 +        gpg_manager_cleanup(&g_session.gpg_config);
 +        g_session.gpg_active = false;
 +    }
++
 +    /* Restore original GNUPGHOME environment variable */
 +    if (g_session.gnupghome_saved) {
 +        if (g_session.had_original_gnupghome) {
 +            log_debug("Restoring original GNUPGHOME: %s", g_session.original_gnupghome);
 +            setenv("GNUPGHOME", g_session.original_gnupghome, 1);
 +        } else {
 +            log_debug("Unsetting GNUPGHOME (was not set originally)");
 +            unsetenv("GNUPGHOME");
 +        }
 +        g_session.gnupghome_saved = false;
 +    }
++
 +    /* Clear session state */
 +    memset(&g_session, 0, sizeof(g_session));
 +    log_debug("Session cleanup complete");
 +}
++
  /* Switch to specified account with SSH isolation and validation */
  int accounts_switch(gitswitch_ctx_t *ctx, const char *identifier) {
      account_t *account;
          return -1;
+     }
 +    /* Clean up any previous session before starting new one */
 +    accounts_session_cleanup();
++
 +    /* Save original GNUPGHOME if not already saved */
 +    if (!g_session.gnupghome_saved) {
 +        const char *orig = getenv("GNUPGHOME");
 +        if (orig) {
 +            safe_strncpy(g_session.original_gnupghome, orig, sizeof(g_session.original_gnupghome));
 +            g_session.had_original_gnupghome = true;
 +        } else {
 +            g_session.had_original_gnupghome = false;
 +        }
 +        g_session.gnupghome_saved = true;
 +    }
++
      /* Determine git scope - use account preference or context default */
      git_scope_t scope = account->preferred_scope;
      if (scope == GIT_SCOPE_LOCAL && !git_is_repository()) {
          if (account->ssh_enabled && strlen(account->ssh_key_path) > 0) {
              log_info("Setting up SSH isolation for account: %s", account->name);
 -            /* Initialize SSH manager with isolated agents */
 -            ssh_config_t ssh_config = {0};
 -            if (ssh_manager_init(&ssh_config, SSH_AGENT_ISOLATED) != 0) {
 +            /* Initialize SSH manager with isolated agents using session state */
 +            memset(&g_session.ssh_config, 0, sizeof(g_session.ssh_config));
 +            if (ssh_manager_init(&g_session.ssh_config, SSH_AGENT_ISOLATED) != 0) {
                  printf("  [!!] SSH agent failed to start\n");
                  log_warning("Failed to initialize SSH manager: %s", get_last_error()->message);
              } else {
                  /* Switch to account's SSH configuration */
 -                if (ssh_switch_account(&ssh_config, account) != 0) {
 +                if (ssh_switch_account(&g_session.ssh_config, account) != 0) {
                      printf("  [!!] SSH key failed to load\n");
                      log_warning("Failed to switch SSH configuration: %s", get_last_error()->message);
                      /* Clean up SSH manager on failure */
 -                    ssh_manager_cleanup(&ssh_config);
 +                    ssh_manager_cleanup(&g_session.ssh_config);
                  } else {
                      ssh_ok = true;
 +                    g_session.ssh_active = true;  /* Mark session as active for cleanup */
                      printf("  [OK] SSH key loaded\n");
                      log_info("SSH isolation activated for account: %s", account->name);
          if (account->gpg_enabled && strlen(account->gpg_key_id) > 0) {
              log_info("Setting up GPG isolation for account: %s", account->name);
 -            /* Initialize GPG manager with isolated environments */
 -            gpg_config_t gpg_config = {0};
 -            if (gpg_manager_init(&gpg_config, GPG_MODE_ISOLATED) != 0) {
 +            /* Initialize GPG manager with isolated environments using session state */
 +            memset(&g_session.gpg_config, 0, sizeof(g_session.gpg_config));
 +            if (gpg_manager_init(&g_session.gpg_config, GPG_MODE_ISOLATED) != 0) {
                  printf("  [!!] GPG manager failed to initialize\n");
                  log_warning("Failed to initialize GPG manager: %s", get_last_error()->message);
              } else {
                  /* Switch to account's GPG configuration */
 -                if (gpg_switch_account(&gpg_config, account) != 0) {
 +                if (gpg_switch_account(&g_session.gpg_config, account) != 0) {
                      printf("  [!!] GPG key failed to activate\n");
                      log_warning("Failed to switch GPG configuration: %s", get_last_error()->message);
                      /* Clean up GPG manager on failure */
 -                    gpg_manager_cleanup(&gpg_config);
 +                    gpg_manager_cleanup(&g_session.gpg_config);
                  } else {
 +                    g_session.gpg_active = true;  /* Mark session as active for cleanup */
                      log_info("GPG isolation activated for account: %s", account->name);
                      /* Configure git GPG signing */
 -                    if (gpg_configure_git_signing(&gpg_config, account, scope) != 0) {
 +                    if (gpg_configure_git_signing(&g_session.gpg_config, account, scope) != 0) {
                          printf("  [!!] GPG signing config failed\n");
                          log_warning("Failed to configure git GPG signing: %s", get_last_error()->message);
                      } else {
      /* Set as current account */
      ctx->current_account = account;
 +    /* Print shell integration tip if SSH was set up */
 +    if (ssh_ok) {
 +        const char *runtime_dir = getenv("XDG_RUNTIME_DIR");
 +        if (runtime_dir) {
 +            printf("\n  Tip: Add to your shell rc for persistent SSH:\n");
 +            printf("       export SSH_AUTH_SOCK=%s/gitswitch-ssh/current.sock\n", runtime_dir);
 +        }
 +    }
++
      printf("\n");
      log_info("Successfully switched to account: %s (%s)", account->name, account->description);
      return 0;

src/accounts.hmodified

   */
  int accounts_health_check(const gitswitch_ctx_t *ctx);
 +/**
 + * Clean up active session resources
 + * - Stops SSH agent if one was started
 + * - Restores original GNUPGHOME environment
 + * - Cleans up isolated GPG home if created
 + * Call this before program exit or when switching accounts
 + */
 +void accounts_session_cleanup(void);
++
  #endif /* ACCOUNTS_H */

src/main.cmodified

  #include "display.h"
  #include "error.h"
  #include "utils.h"
 +#include "git_ops.h"
  static void print_usage(const char *prog_name) {
      printf("Usage: %s [OPTIONS] [COMMAND] [ARGS]\n", prog_name);
+         }
+     }
 -    /* Cleanup */
 +    /* Note: We intentionally do NOT clean up SSH agents on exit.
 +     * The agent should persist so subsequent git commands can use it.
 +     * Cleanup happens at the start of the next account switch. */
++
 +    /* Cleanup error handling */
      error_cleanup();
      return exit_code == EXIT_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
+ }

src/ssh_manager.cmodified

  static int kill_ssh_agent_gracefully(pid_t pid);
  static int validate_ssh_agent_socket(const char *socket_path);
  static int parse_ssh_agent_output(const char *output, ssh_config_t *ssh_config);
 +static void kill_orphaned_gitswitch_agents(void);
  /* Global SSH configuration for cleanup */
  static ssh_config_t *g_active_ssh_config = NULL;
      log_info("Starting isolated SSH agent for account: %s", account->name);
 +    /* Kill any orphaned gitswitch agents from previous runs */
 +    kill_orphaned_gitswitch_agents();
++
      /* Stop any existing agent we own */
      if (ssh_config->agent_owned && ssh_config->agent_pid > 0) {
          log_debug("Stopping existing SSH agent");
          return -1;
+     }
 -    log_info("Isolated SSH agent started successfully (PID: %d, Socket: %s)",
 +    log_info("Isolated SSH agent started successfully (PID: %d, Socket: %s)",
               ssh_config->agent_pid, ssh_config->agent_socket_path);
++
 +    /* Create/update symlink for easy shell integration */
 +    char symlink_path[MAX_PATH_LEN];
 +    if ((size_t)snprintf(symlink_path, sizeof(symlink_path),
 +                        "%s/current.sock", socket_dir) < sizeof(symlink_path)) {
 +        /* Remove old symlink if it exists */
 +        unlink(symlink_path);
 +        /* Create new symlink to current socket */
 +        if (symlink(socket_path, symlink_path) == 0) {
 +            log_debug("Created symlink: %s -> %s", symlink_path, socket_path);
 +        } else {
 +            log_warning("Failed to create socket symlink: %s", strerror(errno));
 +        }
 +    }
++
      return 0;
+ }
          set_error(ERR_SSH_AGENT_START_FAILED, "Failed to parse ssh-agent output");
          return -1;
+     }
+-
++
      return 0;
 +}
++
 +/* Kill orphaned gitswitch ssh-agents from previous runs */
 +static void kill_orphaned_gitswitch_agents(void) {
 +    char socket_dir[256];
 +    const char *runtime_dir = getenv("XDG_RUNTIME_DIR");
++
 +    /* Determine socket directory - use short buffer since runtime_dir is typically short */
 +    if (runtime_dir && strlen(runtime_dir) < 200 && path_exists(runtime_dir)) {
 +        snprintf(socket_dir, sizeof(socket_dir), "%s/gitswitch-ssh", runtime_dir);
 +    } else {
 +        snprintf(socket_dir, sizeof(socket_dir), "/tmp/gitswitch-ssh-%d", getuid());
 +    }
++
 +    /* Use pkill to kill any existing gitswitch ssh-agents */
 +    char command[512];
 +    snprintf(command, sizeof(command),
 +             "pkill -f 'ssh-agent -a %.200s/' 2>/dev/null", socket_dir);
++
 +    int result = system(command);
 +    if (result == 0) {
 +        log_debug("Killed orphaned gitswitch ssh-agents");
 +    }
 +    /* result != 0 is normal if no agents were running */
++
 +    /* Also clean up any stale socket files */
 +    char cleanup_cmd[512];
 +    snprintf(cleanup_cmd, sizeof(cleanup_cmd),
 +             "rm -f %.200s/ssh-agent.*.sock 2>/dev/null", socket_dir);
 +    if (system(cleanup_cmd) != 0) {
 +        /* Ignore cleanup failures - files may not exist */
 +    }
+ }