Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 4c02aad..0d288ef 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -37,6 +37,40 @@ $auth_method="htpasswd_backed_basic_auth";
 if (!$auth_method())
 exit;
 
+/* If this function doesn't exist, we're being called from Captive Portal or
+ another internal subsystem which does not include authgui.inc */
+if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
+ /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
+ $found_host = false;
+ if(strstr($_SERVER['HTTP_HOST'], ":")) {
+ $http_host_port = explode(":", $_SERVER['HTTP_HOST']);
+ $http_host = $http_host_port[0];
+ } else {
+ $http_host = $_SERVER['HTTP_HOST'];
+ }
+ if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
+ $http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost")
+ $found_host = true;
+ if($config['dyndnses']['dyndns'])
+ foreach($config['dyndnses']['dyndns'] as $dyndns)
+ if($dyndns['host'] == $http_host or $dyndns['host'] == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+ if(!empty($config['system']['webgui']['althostnames'])) {
+ $althosts = explode(" ", $config['system']['webgui']['althostnames']);
+ foreach ($althosts as $ah)
+ if($ah == $http_host or $ah == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+ }
+ if($http_host == $config['system']['hostname'] . "." . $config['system']['domain'] or
+ $http_host == $_SERVER['SERVER_ADDR'] or
+ $http_host == $config['system']['hostname'])
+ $found_host = true;
+ if($found_host == false) {
+ echo "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding";
+ exit;
+ }
+}
+
 function basic_auth_prompt(){
 header("WWW-Authenticate: Basic realm=\".\"");
 header("HTTP/1.0 401 Unauthorized"); |
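Review bot: The port-stripping branch in the new `if(strstr($_SERVER['HTTP_HOST'], ":"))` block mishandles a bracketed IPv6 literal such as `[::1]:443`: `explode(":")` leaves `$http_host` as `[`, which satisfies none of the allow conditions, so a legitimate request addressed by IPv6 address is rejected as a rebind. Stripping only a trailing port and the brackets avoids that, e.g. `$http_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);` followed by `$http_host = trim($http_host, '[]');`, provided `is_ipaddr()` accepts IPv6 addresses (its definition is outside this hunk). The hostname comparisons further down use `==` and are case-sensitive while DNS names are not, so a client sending a mixed-case Host header is rejected; lowercasing `$http_host` and the configured names with `strtolower()` before comparing, and using `===` so numeric-looking names are not compared loosely, would make the allow-list check both more predictable and more lenient for legitimate clients. `if($found_host == false)` reads more clearly as `if (!$found_host)`.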