`c55d684`

feat: persistent SSH agents with session state tracking

- Add session state tracking to prevent orphaned SSH agents
- SSH agents now persist after gitswitch exits for use by git commands
- Kill orphaned agents from previous runs when switching accounts
- Create current.sock symlink for easy shell integration
- Show shell integration tip after successful switch

To use persistent SSH in your shell, add to your rc file:
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gitswitch-ssh/current.sock

Authored by

espadonne 4 months ago

SHA: c55d6840fda46f3bc11230b7268f27f3c03381c3
Parents: aa90aa8
Tree: 382c80b

4 changed files

Status	File	+	-
M	`src/accounts.c`	94	13
M	`src/accounts.h`	9	0
M	`src/main.c`	6	1
M	`src/ssh_manager.c`	53	2

src/accounts.cmodified

   * Implements secure account switching and management for gitswitch-c
   */
++/* Enable POSIX extensions for setenv/unsetenv */
++#define _POSIX_C_SOURCE 200809L
++
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include "ssh_manager.h"
  #include "gpg_manager.h"
++/* Active session state - tracks SSH/GPG resources for proper cleanup */
++typedef struct {
++    ssh_config_t ssh_config;
++    gpg_config_t gpg_config;
++    bool ssh_active;
++    bool gpg_active;
++    char original_gnupghome[MAX_PATH_LEN];
++    bool had_original_gnupghome;
++    bool gnupghome_saved;
++} active_session_t;
++
++/* Static session state - only one active session at a time */
++static active_session_t g_session = {0};
++
  /* Internal helper functions */
  static uint32_t get_next_available_id(const gitswitch_ctx_t *ctx);
  static int validate_ssh_key_security(const char *ssh_key_path);
          set_error(ERR_INVALID_ARGS, "NULL context to accounts_init");
          return -1;
+     }
--
++
      /* Initialize account array */
      memset(ctx->accounts, 0, sizeof(ctx->accounts));
      ctx->account_count = 0;
      ctx->current_account = NULL;
--
++
++    /* Initialize session state */
++    memset(&g_session, 0, sizeof(g_session));
++
      log_debug("Accounts system initialized");
      return 0;
+ }
++/* Clean up active session resources */
++void accounts_session_cleanup(void) {
++    log_debug("Cleaning up active session resources");
++
++    /* Clean up SSH agent if we started one */
++    if (g_session.ssh_active) {
++        log_info("Stopping SSH agent (pid=%d)", g_session.ssh_config.agent_pid);
++        ssh_manager_cleanup(&g_session.ssh_config);
++        g_session.ssh_active = false;
++    }
++
++    /* Clean up GPG environment if we modified it */
++    if (g_session.gpg_active) {
++        log_info("Cleaning up GPG environment");
++        gpg_manager_cleanup(&g_session.gpg_config);
++        g_session.gpg_active = false;
++    }
++
++    /* Restore original GNUPGHOME environment variable */
++    if (g_session.gnupghome_saved) {
++        if (g_session.had_original_gnupghome) {
++            log_debug("Restoring original GNUPGHOME: %s", g_session.original_gnupghome);
++            setenv("GNUPGHOME", g_session.original_gnupghome, 1);
++        } else {
++            log_debug("Unsetting GNUPGHOME (was not set originally)");
++            unsetenv("GNUPGHOME");
++        }
++        g_session.gnupghome_saved = false;
++    }
++
++    /* Clear session state */
++    memset(&g_session, 0, sizeof(g_session));
++    log_debug("Session cleanup complete");
++}
++
  /* Switch to specified account with SSH isolation and validation */
  int accounts_switch(gitswitch_ctx_t *ctx, const char *identifier) {
      account_t *account;
          return -1;
+     }
++    /* Clean up any previous session before starting new one */
++    accounts_session_cleanup();
++
++    /* Save original GNUPGHOME if not already saved */
++    if (!g_session.gnupghome_saved) {
++        const char *orig = getenv("GNUPGHOME");
++        if (orig) {
++            safe_strncpy(g_session.original_gnupghome, orig, sizeof(g_session.original_gnupghome));
++            g_session.had_original_gnupghome = true;
++        } else {
++            g_session.had_original_gnupghome = false;
++        }
++        g_session.gnupghome_saved = true;
++    }
++
      /* Determine git scope - use account preference or context default */
      git_scope_t scope = account->preferred_scope;
      if (scope == GIT_SCOPE_LOCAL && !git_is_repository()) {
          if (account->ssh_enabled && strlen(account->ssh_key_path) > 0) {
              log_info("Setting up SSH isolation for account: %s", account->name);
--            /* Initialize SSH manager with isolated agents */
++            /* Initialize SSH manager with isolated agents using session state */
--            ssh_config_t ssh_config = {0};
++            memset(&g_session.ssh_config, 0, sizeof(g_session.ssh_config));
--            if (ssh_manager_init(&ssh_config, SSH_AGENT_ISOLATED) != 0) {
++            if (ssh_manager_init(&g_session.ssh_config, SSH_AGENT_ISOLATED) != 0) {
                  printf("  [!!] SSH agent failed to start\n");
                  log_warning("Failed to initialize SSH manager: %s", get_last_error()->message);
              } else {
                  /* Switch to account's SSH configuration */
--                if (ssh_switch_account(&ssh_config, account) != 0) {
++                if (ssh_switch_account(&g_session.ssh_config, account) != 0) {
                      printf("  [!!] SSH key failed to load\n");
                      log_warning("Failed to switch SSH configuration: %s", get_last_error()->message);
                      /* Clean up SSH manager on failure */
--                    ssh_manager_cleanup(&ssh_config);
++                    ssh_manager_cleanup(&g_session.ssh_config);
                  } else {
                      ssh_ok = true;
++                    g_session.ssh_active = true;  /* Mark session as active for cleanup */
                      printf("  [OK] SSH key loaded\n");
                      log_info("SSH isolation activated for account: %s", account->name);
          if (account->gpg_enabled && strlen(account->gpg_key_id) > 0) {
              log_info("Setting up GPG isolation for account: %s", account->name);
--            /* Initialize GPG manager with isolated environments */
++            /* Initialize GPG manager with isolated environments using session state */
--            gpg_config_t gpg_config = {0};
++            memset(&g_session.gpg_config, 0, sizeof(g_session.gpg_config));
--            if (gpg_manager_init(&gpg_config, GPG_MODE_ISOLATED) != 0) {
++            if (gpg_manager_init(&g_session.gpg_config, GPG_MODE_ISOLATED) != 0) {
                  printf("  [!!] GPG manager failed to initialize\n");
                  log_warning("Failed to initialize GPG manager: %s", get_last_error()->message);
              } else {
                  /* Switch to account's GPG configuration */
--                if (gpg_switch_account(&gpg_config, account) != 0) {
++                if (gpg_switch_account(&g_session.gpg_config, account) != 0) {
                      printf("  [!!] GPG key failed to activate\n");
                      log_warning("Failed to switch GPG configuration: %s", get_last_error()->message);
                      /* Clean up GPG manager on failure */
--                    gpg_manager_cleanup(&gpg_config);
++                    gpg_manager_cleanup(&g_session.gpg_config);
                  } else {
++                    g_session.gpg_active = true;  /* Mark session as active for cleanup */
                      log_info("GPG isolation activated for account: %s", account->name);
                      /* Configure git GPG signing */
--                    if (gpg_configure_git_signing(&gpg_config, account, scope) != 0) {
++                    if (gpg_configure_git_signing(&g_session.gpg_config, account, scope) != 0) {
                          printf("  [!!] GPG signing config failed\n");
                          log_warning("Failed to configure git GPG signing: %s", get_last_error()->message);
                      } else {
      /* Set as current account */
      ctx->current_account = account;
++    /* Print shell integration tip if SSH was set up */
++    if (ssh_ok) {
++        const char *runtime_dir = getenv("XDG_RUNTIME_DIR");
++        if (runtime_dir) {
++            printf("\n  Tip: Add to your shell rc for persistent SSH:\n");
++            printf("       export SSH_AUTH_SOCK=%s/gitswitch-ssh/current.sock\n", runtime_dir);
++        }
++    }
++
      printf("\n");
      log_info("Successfully switched to account: %s (%s)", account->name, account->description);
      return 0;

src/accounts.hmodified

   */
  int accounts_health_check(const gitswitch_ctx_t *ctx);
++/**
++ * Clean up active session resources
++ * - Stops SSH agent if one was started
++ * - Restores original GNUPGHOME environment
++ * - Cleans up isolated GPG home if created
++ * Call this before program exit or when switching accounts
++ */
++void accounts_session_cleanup(void);
++
  #endif /* ACCOUNTS_H */

src/main.cmodified

  #include "display.h"
  #include "error.h"
  #include "utils.h"
++#include "git_ops.h"
  static void print_usage(const char *prog_name) {
      printf("Usage: %s [OPTIONS] [COMMAND] [ARGS]\n", prog_name);
          }
      }
--    /* Cleanup */
++    /* Note: We intentionally do NOT clean up SSH agents on exit.
++     * The agent should persist so subsequent git commands can use it.
++     * Cleanup happens at the start of the next account switch. */
++
++    /* Cleanup error handling */
      error_cleanup();
      return exit_code == EXIT_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
  }

src/ssh_manager.cmodified

  static int kill_ssh_agent_gracefully(pid_t pid);
  static int validate_ssh_agent_socket(const char *socket_path);
  static int parse_ssh_agent_output(const char *output, ssh_config_t *ssh_config);
++static void kill_orphaned_gitswitch_agents(void);
  /* Global SSH configuration for cleanup */
  static ssh_config_t *g_active_ssh_config = NULL;
      log_info("Starting isolated SSH agent for account: %s", account->name);
++    /* Kill any orphaned gitswitch agents from previous runs */
++    kill_orphaned_gitswitch_agents();
++
      /* Stop any existing agent we own */
      if (ssh_config->agent_owned && ssh_config->agent_pid > 0) {
          log_debug("Stopping existing SSH agent");
          return -1;
+     }
--    log_info("Isolated SSH agent started successfully (PID: %d, Socket: %s)",
++    log_info("Isolated SSH agent started successfully (PID: %d, Socket: %s)",
               ssh_config->agent_pid, ssh_config->agent_socket_path);
++
++    /* Create/update symlink for easy shell integration */
++    char symlink_path[MAX_PATH_LEN];
++    if ((size_t)snprintf(symlink_path, sizeof(symlink_path),
++                        "%s/current.sock", socket_dir) < sizeof(symlink_path)) {
++        /* Remove old symlink if it exists */
++        unlink(symlink_path);
++        /* Create new symlink to current socket */
++        if (symlink(socket_path, symlink_path) == 0) {
++            log_debug("Created symlink: %s -> %s", symlink_path, socket_path);
++        } else {
++            log_warning("Failed to create socket symlink: %s", strerror(errno));
++        }
++    }
++
      return 0;
+ }
          set_error(ERR_SSH_AGENT_START_FAILED, "Failed to parse ssh-agent output");
          return -1;
+     }
--
++
      return 0;
++}
++
++/* Kill orphaned gitswitch ssh-agents from previous runs */
++static void kill_orphaned_gitswitch_agents(void) {
++    char socket_dir[256];
++    const char *runtime_dir = getenv("XDG_RUNTIME_DIR");
++
++    /* Determine socket directory - use short buffer since runtime_dir is typically short */
++    if (runtime_dir && strlen(runtime_dir) < 200 && path_exists(runtime_dir)) {
++        snprintf(socket_dir, sizeof(socket_dir), "%s/gitswitch-ssh", runtime_dir);
++    } else {
++        snprintf(socket_dir, sizeof(socket_dir), "/tmp/gitswitch-ssh-%d", getuid());
++    }
++
++    /* Use pkill to kill any existing gitswitch ssh-agents */
++    char command[512];
++    snprintf(command, sizeof(command),
++             "pkill -f 'ssh-agent -a %.200s/' 2>/dev/null", socket_dir);
++
++    int result = system(command);
++    if (result == 0) {
++        log_debug("Killed orphaned gitswitch ssh-agents");
++    }
++    /* result != 0 is normal if no agents were running */
++
++    /* Also clean up any stale socket files */
++    char cleanup_cmd[512];
++    snprintf(cleanup_cmd, sizeof(cleanup_cmd),
++             "rm -f %.200s/ssh-agent.*.sock 2>/dev/null", socket_dir);
++    if (system(cleanup_cmd) != 0) {
++        /* Ignore cleanup failures - files may not exist */
++    }
+ }