From 2bb0f2301b5c25217ab61eedcba55d6c8257a37e Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Mon, 21 Nov 2016 08:40:19 +0100
Subject: [PATCH] unbound: fix/secure unbound control
Turns out unbound reload flushes cache as well. Also, unbound-control may hang when it runs into an "undefined state" (stoping a stopped service, right), and lastly it wants to chroot after being chrooted on reload, something that cannot be fixed with using unbound-control. Keep unbound-control-setup in case somebody finds the facility useful.
---
src/etc/inc/plugins.inc.d/unbound.inc | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index 74dde65f0..be9a142b9 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -455,22 +455,28 @@ function unbound_execute($cmd)
 $local_domain = !empty($config['system']['domain']) ? $config['system']['domain'] : "local";
 killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
 if (isset($config['unbound']['regdhcp'])) {
- mwexec('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain "'.$local_domain.'"');
+ mwexecf('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain %s', $local_domain);
 }
- mwexec("/usr/local/sbin/unbound -c {$g['unbound_chroot_path']}/unbound.conf");
+ mwexecf('/usr/local/sbin/unbound -c %s', "{$g['unbound_chroot_path']}/unbound.conf");
 break;
 case 'stop':
 killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
- mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control stop", true);
+ killbypid('/var/run/unbound.pid', 'TERM', true);
 break;
 case 'reload':
 killbypid('/var/run/unbound.pid', 'HUP');
 break;
 case 'unbound-anchor':
- mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-anchor -a {$g['unbound_chroot_path']}/root.key", true);
+ mwexecf(
+ 'chroot -u unbound -g unbound / %s -a %s',
+ array('/usr/local/sbin/unbound-anchor', "{$g['unbound_chroot_path']}/root.key")
+ );
 break;
 case 'unbound-control-setup':
- mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d {$g['unbound_chroot_path']}", true);
+ mwexecf(
+ 'chroot -u unbound -g unbound / %s -d %s',
+ array('/usr/local/sbin/unbound-control-setup', $g['unbound_chroot_path'])
+ );
 break;
 default:
 break;
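Review bot: The rewritten `unbound-anchor` and `unbound-control-setup` calls drop the `true` second argument that the removed `mwexec(..., true)` lines passed, so these two commands appear to be no longer muted. If `mwexecf` takes a mute flag after its argument array (its definition is outside this hunk), pass it explicitly, e.g. `array('/usr/local/sbin/unbound-anchor', "{$g['unbound_chroot_path']}/root.key"), true`, or state in the commit message that unmuting is intended. unbound-anchor documents a non-zero exit when it has updated the anchor, so an unmuted call can log routine refreshes as failures and make a real DNSSEC trust-anchor error harder to spot. The body of `unbound_execute` starts and ends outside the hunk.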