summary refs log tree commit diff
path: root/config.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2019-10-31 19:04:43 -0400
committerJune McEnroe <june@causal.agency>2019-10-31 19:04:43 -0400
commitc4404762701c7073e1f85d7f89834b5ddd59e749 (patch)
treebbe1d574587f2e6d5841d2c49fb7eb4018839eef /config.c
parentSend clients their own QUIT on shutdown (diff)
downloadpounce-c4404762701c7073e1f85d7f89834b5ddd59e749.tar.gz
pounce-c4404762701c7073e1f85d7f89834b5ddd59e749.zip
Use explicit_bzero to clear passwords
GNU doesn't implement memset_s, but both FreeBSD and GNU implement
explicit_bzero. Darwin doesn't, so #define it in terms of memset_s.
Diffstat (limited to 'config.c')
-rw-r--r--config.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/config.c b/config.c
index adf2b34..1d608d6 100644
--- a/config.c
+++ b/config.c
@@ -14,6 +14,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "bounce.h"
+
 #include <err.h>
 #include <getopt.h>
 #include <stdio.h>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-04 21:47:55 +0000
it_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16auth: have cgit calculate login addressJason A. Donenfeld This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16t0111: Additions and fixesLukas Fleischer * Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16parsing.c: Remove leading space from committerLukas Fleischer