| 1 | /* SSH key and agent management with proper isolation */ |
| 2 | |
| 3 | #ifndef SSH_MANAGER_H |
| 4 | #define SSH_MANAGER_H |
| 5 | |
| 6 | #include "gitswitch.h" |
| 7 | |
| 8 | /* SSH agent management modes */ |
| 9 | typedef enum { |
| 10 | SSH_AGENT_SYSTEM, /* Use system SSH agent */ |
| 11 | SSH_AGENT_ISOLATED, /* Use isolated SSH agent per account */ |
| 12 | SSH_AGENT_NONE /* No SSH agent management */ |
| 13 | } ssh_agent_mode_t; |
| 14 | |
| 15 | /* SSH configuration structure */ |
| 16 | typedef struct { |
| 17 | ssh_agent_mode_t mode; |
| 18 | char agent_socket_path[MAX_PATH_LEN]; |
| 19 | pid_t agent_pid; |
| 20 | bool agent_owned; /* Whether we started this agent */ |
| 21 | } ssh_config_t; |
| 22 | |
| 23 | /* Function prototypes */ |
| 24 | |
| 25 | /** |
| 26 | * Initialize SSH manager with specified mode |
| 27 | */ |
| 28 | int ssh_manager_init(ssh_config_t *ssh_config, ssh_agent_mode_t mode); |
| 29 | |
| 30 | /** |
| 31 | * Cleanup SSH manager, stopping owned agents |
| 32 | */ |
| 33 | void ssh_manager_cleanup(ssh_config_t *ssh_config); |
| 34 | |
| 35 | /** |
| 36 | * Switch to account's SSH configuration with proper isolation |
| 37 | * - Clears current SSH agent keys if using isolated mode |
| 38 | * - Loads account's SSH key into appropriate agent |
| 39 | * - Updates SSH_AUTH_SOCK environment if needed |
| 40 | * - Validates key is properly loaded |
| 41 | */ |
| 42 | int ssh_switch_account(ssh_config_t *ssh_config, const account_t *account); |
| 43 | |
| 44 | /** |
| 45 | * Start isolated SSH agent for account |
| 46 | * Returns socket path and PID for cleanup |
| 47 | */ |
| 48 | int ssh_start_isolated_agent(ssh_config_t *ssh_config, const account_t *account); |
| 49 | |
| 50 | /** |
| 51 | * Stop SSH agent (only if we own it) |
| 52 | */ |
| 53 | int ssh_stop_agent(ssh_config_t *ssh_config); |
| 54 | |
| 55 | /** |
| 56 | * Clear all keys from SSH agent |
| 57 | */ |
| 58 | int ssh_clear_agent_keys(ssh_config_t *ssh_config); |
| 59 | |
| 60 | /** |
| 61 | * Add key to SSH agent with validation |
| 62 | * - Verifies key file exists and has correct permissions |
| 63 | * - Loads key into agent |
| 64 | * - Confirms key was loaded successfully |
| 65 | */ |
| 66 | int ssh_add_key(ssh_config_t *ssh_config, const char *key_path); |
| 67 | |
| 68 | /** |
| 69 | * List loaded SSH keys for verification |
| 70 | */ |
| 71 | int ssh_list_keys(ssh_config_t *ssh_config, char *output, size_t output_size); |
| 72 | |
| 73 | /** |
| 74 | * Validate SSH key file permissions and format |
| 75 | */ |
| 76 | int ssh_validate_key_file(const char *key_path); |
| 77 | |
| 78 | /** |
| 79 | * Set SSH host alias in ~/.ssh/config if specified |
| 80 | */ |
| 81 | int ssh_configure_host_alias(const account_t *account); |
| 82 | |
| 83 | /** |
| 84 | * Test SSH connection to verify authentication |
| 85 | */ |
| 86 | int ssh_test_connection(const account_t *account, const char *host); |
| 87 | |
| 88 | /** |
| 89 | * Write the stable SSH_AUTH_SOCK symlink path to buf. |
| 90 | * Uses $XDG_RUNTIME_DIR/gitswitch-ssh/current.sock when XDG_RUNTIME_DIR is set, |
| 91 | * otherwise /tmp/gitswitch-ssh-<uid>/current.sock. Shared by runtime switch |
| 92 | * logic and the `init` shell-integration command so both agree on the path. |
| 93 | * Returns 0 on success, -1 if the computed path would overflow buf. |
| 94 | */ |
| 95 | int ssh_manager_get_auth_sock_path(char *buf, size_t buf_size); |
| 96 | |
| 97 | #endif /* SSH_MANAGER_H */ |